Windows Analysis Report
LisectAVT_2403002B_286.exe

Overview

General Information

Sample name: LisectAVT_2403002B_286.exe
Analysis ID: 1481863
MD5: feffd73ddba802eae61e964e78ef7e95
SHA1: e727e9d97f34c4e0903f4c9188883347addae2e8
SHA256: 31fc993f42d691c16489d7e3e101f64362c585dd29cf40aad479dd2f53103b4c
Tags: exe
Infos:

Detection

Score: 69
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
.NET source code contains potential unpacker
AI detected suspicious sample
Contains functionality to inject threads in other processes
Deletes itself after installation
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Sigma detected: Dot net compiler compiles file from suspicious location
Tries to detect virtualization through RDTSC time measurements
Allocates memory with a write watch (potentially for evading sandboxes)
Compiles C# or VB.Net code
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • LisectAVT_2403002B_286.exe (PID: 5532 cmdline: "C:\Users\user\Desktop\LisectAVT_2403002B_286.exe" MD5: FEFFD73DDBA802EAE61E964E78EF7E95)
    • LisectAVT_2403002B_286_Update.exe (PID: 4756 cmdline: "C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe" "update" "LisectAVT_2403002B_286.exe" MD5: BF04325C66CFA445F487A5F799990189)
      • LisectAVT_2403002B_286.exe (PID: 3688 cmdline: "C:\Users\user\Desktop\LisectAVT_2403002B_286.exe" "clear" "LisectAVT_2403002B_286_Update.exe" MD5: BF04325C66CFA445F487A5F799990189)
        • LisectAVT_2403002B_286_Update.exe (PID: 5136 cmdline: "C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe" "update" "LisectAVT_2403002B_286.exe" MD5: F72D84B6D1683DEE10A997DEDB825D7D)
          • LisectAVT_2403002B_286.exe (PID: 6472 cmdline: "C:\Users\user\Desktop\LisectAVT_2403002B_286.exe" "clear" "LisectAVT_2403002B_286_Update.exe" MD5: F72D84B6D1683DEE10A997DEDB825D7D)
            • csc.exe (PID: 3848 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.cmdline" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)
              • conhost.exe (PID: 5524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • cvtres.exe (PID: 2676 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3017.tmp" "c:\Users\user\AppData\Local\Temp\srv33q4h\CSCE64E61EBE53F4480B5C383A5A36CF7D1.TMP" MD5: 70D838A7DC5B359C3F938A71FAD77DB0)
            • csc.exe (PID: 4204 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\zkeqnbkw\zkeqnbkw.cmdline" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)
              • conhost.exe (PID: 5788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • cvtres.exe (PID: 1888 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6262.tmp" "c:\Users\user\AppData\Local\Temp\zkeqnbkw\CSC5F800B2BAE9D475489BCBC699BC2FE5.TMP" MD5: 70D838A7DC5B359C3F938A71FAD77DB0)
            • csc.exe (PID: 6828 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1kjwnqt4\1kjwnqt4.cmdline" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)
              • conhost.exe (PID: 7072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • cvtres.exe (PID: 6208 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6D8E.tmp" "c:\Users\user\AppData\Local\Temp\1kjwnqt4\CSCF68404DF18AE46178AD88EB7B711C3F0.TMP" MD5: 70D838A7DC5B359C3F938A71FAD77DB0)
  • cleanup
No configs have been found
Source, Rule, Description, Author, Strings
0000000B.00000002.2887278083.00000000099B0000.00000004.10000000.00040000.00000000.sdmp, INDICATOR_EXE_Packed_DNGuard, Detects executables packed with DNGuard, ditekSHen
  • 0x19ed1:$s1: DNGuard Runtime library
  • 0x19ffd:$s1: DNGuard Runtime library
  • 0x1a06c:$s1: DNGuard Runtime library
  • 0x1a0e2:$s2: [*=*]This application is expired ![*=*]
  • 0x18dc9:$s3: DNGuard.Runtime
  • 0x19213:$s3: DNGuard.Runtime
  • 0x19f6d:$s3: DNGuard.Runtime
  • 0x1a7e3:$s3: DNGuard.Runtime
  • 0x1b408:$s3: DNGuard.Runtime
  • 0x1b4e8:$s3: DNGuard.Runtime
  • 0x1b530:$s3: DNGuard.Runtime
  • 0x1871e:$s4: EnableHVM
  • 0x18af2:$s4: EnableHVM
  • 0x197e0:$s4: EnableHVM
  • 0x18ae6:$s5: DNGuard.SDK
00000009.00000002.2778525625.00000000099C0000.00000004.10000000.00040000.00000000.sdmp, INDICATOR_EXE_Packed_DNGuard, Detects executables packed with DNGuard, ditekSHen
  • 0x19ed1:$s1: DNGuard Runtime library
  • 0x19ffd:$s1: DNGuard Runtime library
  • 0x1a06c:$s1: DNGuard Runtime library
  • 0x1a0e2:$s2: [*=*]This application is expired ![*=*]
  • 0x18dc9:$s3: DNGuard.Runtime
  • 0x19213:$s3: DNGuard.Runtime
  • 0x19f6d:$s3: DNGuard.Runtime
  • 0x1a7e3:$s3: DNGuard.Runtime
  • 0x1b408:$s3: DNGuard.Runtime
  • 0x1b4e8:$s3: DNGuard.Runtime
  • 0x1b530:$s3: DNGuard.Runtime
  • 0x1871e:$s4: EnableHVM
  • 0x18af2:$s4: EnableHVM
  • 0x197e0:$s4: EnableHVM
  • 0x18ae6:$s5: DNGuard.SDK
0000000A.00000002.2831351105.0000000009990000.00000004.10000000.00040000.00000000.sdmp, INDICATOR_EXE_Packed_DNGuard, Detects executables packed with DNGuard, ditekSHen
  • 0x19ed1:$s1: DNGuard Runtime library
  • 0x19ffd:$s1: DNGuard Runtime library
  • 0x1a06c:$s1: DNGuard Runtime library
  • 0x1a0e2:$s2: [*=*]This application is expired ![*=*]
  • 0x18dc9:$s3: DNGuard.Runtime
  • 0x19213:$s3: DNGuard.Runtime
  • 0x19f6d:$s3: DNGuard.Runtime
  • 0x1a7e3:$s3: DNGuard.Runtime
  • 0x1b408:$s3: DNGuard.Runtime
  • 0x1b4e8:$s3: DNGuard.Runtime
  • 0x1b530:$s3: DNGuard.Runtime
  • 0x1871e:$s4: EnableHVM
  • 0x18af2:$s4: EnableHVM
  • 0x197e0:$s4: EnableHVM
  • 0x18ae6:$s5: DNGuard.SDK
Source, Rule, Description, Author, Strings
10.2.LisectAVT_2403002B_286.exe.3ba9550.6.raw.unpack, INDICATOR_EXE_Packed_DNGuard, Detects executables packed with DNGuard, ditekSHen
  • 0x19ed1:$s1: DNGuard Runtime library
  • 0x19ffd:$s1: DNGuard Runtime library
  • 0x1a06c:$s1: DNGuard Runtime library
  • 0x1a0e2:$s2: [*=*]This application is expired ![*=*]
  • 0x18dc9:$s3: DNGuard.Runtime
  • 0x19213:$s3: DNGuard.Runtime
  • 0x19f6d:$s3: DNGuard.Runtime
  • 0x1a7e3:$s3: DNGuard.Runtime
  • 0x1b408:$s3: DNGuard.Runtime
  • 0x1b4e8:$s3: DNGuard.Runtime
  • 0x1b530:$s3: DNGuard.Runtime
  • 0x1871e:$s4: EnableHVM
  • 0x18af2:$s4: EnableHVM
  • 0x197e0:$s4: EnableHVM
  • 0x18ae6:$s5: DNGuard.SDK
11.2.LisectAVT_2403002B_286_Update.exe.3cf9550.5.unpack, INDICATOR_EXE_Packed_DNGuard, Detects executables packed with DNGuard, ditekSHen
  • 0x180d1:$s1: DNGuard Runtime library
  • 0x181fd:$s1: DNGuard Runtime library
  • 0x1826c:$s1: DNGuard Runtime library
  • 0x182e2:$s2: [*=*]This application is expired ![*=*]
  • 0x16fc9:$s3: DNGuard.Runtime
  • 0x17413:$s3: DNGuard.Runtime
  • 0x1816d:$s3: DNGuard.Runtime
  • 0x189e3:$s3: DNGuard.Runtime
  • 0x19608:$s3: DNGuard.Runtime
  • 0x196e8:$s3: DNGuard.Runtime
  • 0x19730:$s3: DNGuard.Runtime
  • 0x1691e:$s4: EnableHVM
  • 0x16cf2:$s4: EnableHVM
  • 0x179e0:$s4: EnableHVM
  • 0x16ce6:$s5: DNGuard.SDK
9.2.LisectAVT_2403002B_286_Update.exe.92d5600.18.unpack, INDICATOR_EXE_Packed_DNGuard, Detects executables packed with DNGuard, ditekSHen
  • 0x180d1:$s1: DNGuard Runtime library
  • 0x181fd:$s1: DNGuard Runtime library
  • 0x1826c:$s1: DNGuard Runtime library
  • 0x182e2:$s2: [*=*]This application is expired ![*=*]
  • 0x16fc9:$s3: DNGuard.Runtime
  • 0x17413:$s3: DNGuard.Runtime
  • 0x1816d:$s3: DNGuard.Runtime
  • 0x189e3:$s3: DNGuard.Runtime
  • 0x19608:$s3: DNGuard.Runtime
  • 0x196e8:$s3: DNGuard.Runtime
  • 0x19730:$s3: DNGuard.Runtime
  • 0x1691e:$s4: EnableHVM
  • 0x16cf2:$s4: EnableHVM
  • 0x179e0:$s4: EnableHVM
  • 0x16ce6:$s5: DNGuard.SDK
10.2.LisectAVT_2403002B_286.exe.8540000.27.unpack, INDICATOR_EXE_Packed_DNGuard, Detects executables packed with DNGuard, ditekSHen
  • 0x1d58:$s1: DNGuard Runtime library
  • 0x1e78:$s1: DNGuard Runtime library
  • 0x1ee7:$s1: DNGuard Runtime library
  • 0x1f5d:$s2: [*=*]This application is expired ![*=*]
10.2.LisectAVT_2403002B_286.exe.9990000.29.unpack, INDICATOR_EXE_Packed_DNGuard, Detects executables packed with DNGuard, ditekSHen
  • 0x180d1:$s1: DNGuard Runtime library
  • 0x181fd:$s1: DNGuard Runtime library
  • 0x1826c:$s1: DNGuard Runtime library
  • 0x182e2:$s2: [*=*]This application is expired ![*=*]
  • 0x16fc9:$s3: DNGuard.Runtime
  • 0x17413:$s3: DNGuard.Runtime
  • 0x1816d:$s3: DNGuard.Runtime
  • 0x189e3:$s3: DNGuard.Runtime
  • 0x19608:$s3: DNGuard.Runtime
  • 0x196e8:$s3: DNGuard.Runtime
  • 0x19730:$s3: DNGuard.Runtime
  • 0x1691e:$s4: EnableHVM
  • 0x16cf2:$s4: EnableHVM
  • 0x179e0:$s4: EnableHVM
  • 0x16ce6:$s5: DNGuard.SDK

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\LisectAVT_2403002B_286.exe" "clear" "LisectAVT_2403002B_286_Update.exe", ParentImage: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe, ParentProcessId: 6472, ParentProcessName: LisectAVT_2403002B_286.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.cmdline", ProcessId: 3848, ProcessName: csc.exe
Source: File created, Author: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe, ProcessId: 6472, TargetFilename: C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.cmdline

Data Obfuscation

Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\LisectAVT_2403002B_286.exe" "clear" "LisectAVT_2403002B_286_Update.exe", ParentImage: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe, ParentProcessId: 6472, ParentProcessName: LisectAVT_2403002B_286.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.cmdline", ProcessId: 3848, ProcessName: csc.exe
No Snort rule has matched
Timestamp: 2024-07-25T15:16:59.746186+0200, SID: 2022930, Source Port: 443, Destination Port: 49732, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 2024-07-25T15:17:25.307313+0200, SID: 2012510, Source Port: 443, Destination Port: 49749, Protocol: TCP, Classtype: Potentially Bad Traffic
Timestamp: 2024-07-25T15:17:38.371108+0200, SID: 2022930, Source Port: 443, Destination Port: 49758, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 2024-07-25T15:17:25.507948+0200, SID: 2012510, Source Port: 443, Destination Port: 49749, Protocol: TCP, Classtype: Potentially Bad Traffic
Timestamp: 2024-07-25T15:18:52.480080+0200, SID: 2012510, Source Port: 443, Destination Port: 49815, Protocol: TCP, Classtype: Potentially Bad Traffic
Timestamp: 2024-07-25T15:18:52.299166+0200, SID: 2012510, Source Port: 443, Destination Port: 49818, Protocol: TCP, Classtype: Potentially Bad Traffic
Timestamp: 2024-07-25T15:18:39.999941+0200, SID: 2012510, Source Port: 443, Destination Port: 49800, Protocol: TCP, Classtype: Potentially Bad Traffic
Timestamp: 2024-07-25T15:17:25.300914+0200, SID: 2012510, Source Port: 443, Destination Port: 49749, Protocol: TCP, Classtype: Potentially Bad Traffic

AV Detection

Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe, Avira: detection malicious, Label: HEUR/AGEN.1315051
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe, Avira: detection malicious, Label: HEUR/AGEN.1315051
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 95.5% probability
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe, Joe Sandbox ML: detected
Source: LisectAVT_2403002B_286.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 185.199.108.153:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 216.105.38.12:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.107.42.20:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.185.44.232:443 -> 192.168.2.5:49741 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.185.44.232:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 163.181.92.223:443 -> 192.168.2.5:49750 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 217.197.91.145:443 -> 192.168.2.5:49764 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.166.250.135:443 -> 192.168.2.5:49763 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.185.44.232:443 -> 192.168.2.5:49787 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 148.153.35.66:443 -> 192.168.2.5:49804 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.185.44.232:443 -> 192.168.2.5:49796 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 148.153.35.66:443 -> 192.168.2.5:49807 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 148.153.35.66:443 -> 192.168.2.5:49808 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 148.153.35.66:443 -> 192.168.2.5:49811 version: TLS 1.2
Source: Binary string: v:\builds\boxedapp\files\8cc2254f\src\boxedapp\bxsdk\obj\win32\release_full\boxedappsdkthunk\BoxedAppSDKThunk.pdb source: LisectAVT_2403002B_286.exe
Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\webview2_api_writer\dotNetAPIWrapper\Microsoft.Web.WebView2.Core\bin\ReleasePackage\Microsoft.Web.WebView2.Core.pdb source: Microsoft.Web.WebView2.Core.dll.13.dr
Source: Binary string: v:\builds\boxedapp\files\8cc2254f\src\boxedapp\bxsdk\bin\release_full\bxsdk32.pdb source: LisectAVT_2403002B_286.exe
Source: Binary string: V:\builds\BoxedApp\files\8CC2254F\src\BoxedApp\bxsdk\obj\x86\Release_Full\BoxedAppSDK_AppDomainManager.pdb source: LisectAVT_2403002B_286.exe
Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\winforms_control\Microsoft.Web.WebView2.WinForms\obj\Release Stable APIs\net45\Microsoft.Web.WebView2.WinForms.pdb source: Microsoft.Web.WebView2.WinForms.dll.13.dr
Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\webview2_api_writer\dotNetAPIWrapper\Microsoft.Web.WebView2.Core\bin\ReleasePackage\Microsoft.Web.WebView2.Core.pdb< source: Microsoft.Web.WebView2.Core.dll.13.dr
Source: Binary string: v:\builds\boxedapp\files\8cc2254f\src\boxedapp\bxsdk\obj\win32\release_full\tlssupport\TLSSupport.pdb source: LisectAVT_2403002B_286.exe
Source: Binary string: D:\Code\Others\SuWar3Tools\SuLibrary\obj\Release\SuLibrary.pdb source: LisectAVT_2403002B_286_Update.exe, 00000009.00000002.2773345003.0000000008112000.00000020.10000000.00040000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 00000009.00000003.2697372563.0000000007E68000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 00000009.00000002.2771084886.0000000008010000.00000004.10000000.00040000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2820026041.0000000008010000.00000004.10000000.00040000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2822734108.0000000008112000.00000020.10000000.00040000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000003.2738044377.0000000007E61000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2882566524.0000000008112000.00000020.10000000.00040000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000003.2807536228.0000000007E6D000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2881628340.0000000008010000.00000004.10000000.00040000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000D.00000003.2856843634.0000000007E63000.00000004.00000020.00020000.00000000.sdmp, SuLibrary.dll.13.dr
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe, Code function: 9_2_04E9ABB0 GetCurrentProcess,FindFirstFileW,VirtualProtect,lstrcmpiW,lstrcmpiW,lstrcmpiW,CreateFileW,GetFileSize,GetLastError,ReadFile,AddFontMemResourceEx,GetLastError,GetLastError,CloseHandle,FindNextFileW,FindClose,9_2_04E9ABB0
Source: global traffic, HTTP traffic detected: GET /war3tools/9b91b8fa-37b4-449c-8b69-5f281377e2fb/_apis/git/repositories/5bda583c-2292-4cc4-8c71-78b44a037995/items?path=/README.md HTTP/1.1 | Host: dev.azure.com | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /war3tools/war3tools.github.io/raw/master/docs/README.md HTTP/1.1 | Host: github.com | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /README.md HTTP/1.1 | Host: war3tools.github.io | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /project/war3tools/README.md?viasf=1 HTTP/1.1 | Host: master.dl.sourceforge.net | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /war3tools/war3tools.github.io/master/docs/README.md HTTP/1.1 | Host: raw.githubusercontent.com | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /README.md HTTP/1.1 | Host: war3tools.suyx.net | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /MjYxNDkzNzE=/bmltYV8yMjI3ODcyNTc0NTBfMTcxNzU3NjMyMTQzNV9iM2Q4ZmJjZC02ZjNkLTRiM2YtYTM1NS1iNjIyODI3MzJiOGI=?download=SuWar3Tools.zip&randomtime=638574961174603590 HTTP/1.1 | Host: nim-nosdn.netease.im | Cache-Control: no-cache | Pragma: no-cache | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /war3tools/war3tools/raw/branch/master/README.md HTTP/1.1 | Host: codeberg.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /war3tools/war3tools/raw/branch/master/README.md HTTP/1.1 | Host: gitea.com | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /ad/banner.html HTTP/1.1 | Host: war3tools.gitlab.io | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /x/web-interface/zone HTTP/1.1 | Host: api.bilibili.com | Connection: Keep-Alive
Source: Joe Sandbox View, IP Address: 185.199.108.153 185.199.108.153
Source: Joe Sandbox View, IP Address: 140.82.121.4 140.82.121.4
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global traffic, HTTP traffic detected: GET /ad/header.html HTTP/1.1 | Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */* | Accept-Language: en-CH | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 | Accept-Encoding: gzip, deflate | Host: war3tools.suyx.net | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /ad/header.html HTTP/1.1 | Host: war3tools.suyx.net | Connection: keep-alive | sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic, HTTP traffic detected: GET /ad/header.html HTTP/1.1 | Host: war3tools.suyx.net | Connection: keep-alive | Cache-Control: max-age=0 | sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 | If-None-Match: "bb2d341eb32d28c343cbcfdbb3d182283e3ee6df5777e8b68e5712522774e521" | If-Modified-Since: Wed, 05 Jun 2024 09:43:42 GMT
Source: global traffic, HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: war3tools.suyx.net | Connection: keep-alive | sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 | sec-ch-ua-platform: "Windows" | Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://war3tools.suyx.net/ad/header.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 | Cookie: __gads=ID=3db76bb96bc61d49:T=1721913518:RT=1721913518:S=ALNI_MZbG8Djp3HAW8YyEyDeBQyV0rWmGw; __gpi=UID=00000eb054b56a23:T=1721913518:RT=1721913518:S=ALNI_MZJu1M0eTihEZq4YzRBr59EBWirJA; __eoi=ID=32cb7227ae4b3b68:T=1721913519:RT=1721913519:S=AA-Afjb7JbXLXpChPgWfUKZXbNdF
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /war3tools/9b91b8fa-37b4-449c-8b69-5f281377e2fb/_apis/git/repositories/5bda583c-2292-4cc4-8c71-78b44a037995/items?path=/README.md HTTP/1.1 | Host: dev.azure.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /war3tools/war3tools.github.io/raw/master/docs/README.md HTTP/1.1 | Host: github.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /README.md HTTP/1.1 | Host: war3tools.github.io | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /project/war3tools/README.md?viasf=1 HTTP/1.1 | Host: master.dl.sourceforge.net | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /war3tools/war3tools.github.io/master/docs/README.md HTTP/1.1 | Host: raw.githubusercontent.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /README.md HTTP/1.1 | Host: war3tools.suyx.net | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /ad/header.html HTTP/1.1 | Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */* | Accept-Language: en-CH | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 | Accept-Encoding: gzip, deflate | Host: war3tools.suyx.net | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /MjYxNDkzNzE=/bmltYV8yMjI3ODcyNTc0NTBfMTcxNzU3NjMyMTQzNV9iM2Q4ZmJjZC02ZjNkLTRiM2YtYTM1NS1iNjIyODI3MzJiOGI=?download=SuWar3Tools.zip&randomtime=638574961174603590 HTTP/1.1 | Host: nim-nosdn.netease.im | Cache-Control: no-cache | Pragma: no-cache | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /war3tools/war3tools/raw/branch/master/README.md HTTP/1.1 | Host: codeberg.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /war3tools/war3tools/raw/branch/master/README.md HTTP/1.1 | Host: gitea.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /ad/header.html HTTP/1.1 | Host: war3tools.suyx.net | Connection: keep-alive | sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic | HTTP traffic detected: GET /ad/header.html HTTP/1.1 | Host: war3tools.suyx.net | Connection: keep-alive | Cache-Control: max-age=0 | sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 | If-None-Match: "bb2d341eb32d28c343cbcfdbb3d182283e3ee6df5777e8b68e5712522774e521" | If-Modified-Since: Wed, 05 Jun 2024 09:43:42 GMT
Source: global traffic | HTTP traffic detected: GET /ad/banner.html HTTP/1.1 | Host: war3tools.gitlab.io | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /x/web-interface/zone HTTP/1.1 | Host: api.bilibili.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: war3tools.suyx.net | Connection: keep-alive | sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 | sec-ch-ua-platform: "Windows" | Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://war3tools.suyx.net/ad/header.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 | Cookie: __gads=ID=3db76bb96bc61d49:T=1721913518:RT=1721913518:S=ALNI_MZbG8Djp3HAW8YyEyDeBQyV0rWmGw; __gpi=UID=00000eb054b56a23:T=1721913518:RT=1721913518:S=ALNI_MZJu1M0eTihEZq4YzRBr59EBWirJA; __eoi=ID=32cb7227ae4b3b68:T=1721913519:RT=1721913519:S=AA-Afjb7JbXLXpChPgWfUKZXbNdF
Source: csc.exe, 00000016.00000003.3124897434.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000002.3136111326.0000000005306000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3125692919.0000000005305000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124796351.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124298894.00000000052F9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000002.3268436314.0000000005146000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3255447999.0000000005144000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3254495460.000000000513C000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000002.3298644035.0000000004AE5000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3291293637.0000000004ADC000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3291521114.0000000004AE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjaxTimer.jsT
Source: csc.exe, 00000016.00000003.3124897434.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000002.3136111326.0000000005306000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3125692919.0000000005305000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124796351.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124298894.00000000052F9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000002.3268436314.0000000005146000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3255447999.0000000005144000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3254495460.000000000513C000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3282791615.0000000004AE9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3283855512.0000000004AF1000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3292581729.0000000004AF7000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3284044089.0000000004AF4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjaxWebForms.debug.jsT
Source: csc.exe, 00000016.00000002.3134952936.00000000052C8000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000002.3267235462.0000000005108000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000002.3297447721.0000000004AB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjaxWebForms.jsT
Source: csc.exe, 00000016.00000003.3124897434.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000002.3136111326.0000000005306000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3125692919.0000000005305000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124796351.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124298894.00000000052F9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000002.3268436314.0000000005146000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3255447999.0000000005144000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3254495460.000000000513C000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3282791615.0000000004AE9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3283855512.0000000004AF1000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3292581729.0000000004AF7000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3284044089.0000000004AF4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjaxWebServices.debug.jsT
Source: csc.exe, 00000016.00000003.3124897434.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000002.3136111326.0000000005306000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3125692919.0000000005305000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124796351.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124298894.00000000052F9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000002.3268304624.0000000005138000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3264153006.0000000005137000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3256602548.0000000005136000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3255850280.000000000512F000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3256347115.0000000005134000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000002.3298644035.0000000004AE5000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3291293637.0000000004ADC000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3291521114.0000000004AE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjaxWebServices.jsT
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2701846576.0000000000BFD000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, LisectAVT_2403002B_286_Update.exe, 00000009.00000002.2762718857.0000000006310000.00000004.10000000.00040000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2815350308.00000000062F0000.00000004.10000000.00040000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2872643403.00000000062A0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://boxedapp.com/boxedappsdk/order.html
Source: LisectAVT_2403002B_286.exeString found in binary or memory: http://boxedapp.com/boxedappsdk/order.htmlS:(ML;;NW;;;LW)U
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2808171126.0000000000AAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://boxedapp.com/boxedappsdk/order.html_
Source: LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2866433365.000000000094D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://boxedapp.com/boxedappsdk/order.htmlf
Source: LisectAVT_2403002B_286_Update.exe, 00000009.00000002.2756783639.000000000096D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://boxedapp.com/boxedappsdk/order.htmlr
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2673165753.0000000013FA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://e.length
Source: f[1].txt.0.drString found in binary or memory: http://google.com
Source: f[1].txt.0.drString found in binary or memory: http://googleads.g.doubleclick.net
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2673483757.0000000013F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://googleads.g.doubleclick.netLf.http://googleads.g.doubleclick.net
Source: csc.exe, 00000019.00000003.3251655485.0000000005189000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3251370768.00000000051A5000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3252719149.0000000005189000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3244944307.000000000512C000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3251655485.0000000005178000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3262862553.00000000050C1000.00000004.00001000.00020000.00000000.sdmp, zkeqnbkw.0.cs.13.drString found in binary or memory: http://ip-api.com/json
Source: f[1].txt.0.drString found in binary or memory: http://mathiasbynens.be/
Source: f[1].txt.0.drString found in binary or memory: http://pagead2.googlesyndication.com
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2673483757.0000000013F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pagead2.googlesyndication.com_Lf.http://pagead2.googlesyndication.com
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002C50000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002BBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2603215891.000000001387F000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2608253242.0000000013880000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2607708668.000000001387F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://adsense.com.H
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2671207941.0000000013F37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://adsense.com.b.google_ad_client
Source: csc.exe, 00000019.00000003.3251655485.0000000005189000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3251370768.00000000051A5000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3252719149.0000000005189000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3244944307.000000000512C000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3251655485.0000000005178000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3262862553.00000000050C1000.00000004.00001000.00020000.00000000.sdmp, zkeqnbkw.0.cs.13.drString found in binary or memory: https://api.bilibili.com/x/web-interface/zone
Source: LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2869908564.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2673483757.0000000013F2C000.00000004.00000020.00020000.00000000.sdmp, f[1].txt.0.drString found in binary or memory: https://cdn.ampproject.org/amp4ads-host-v0.js
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2673483757.0000000013F2C000.00000004.00000020.00020000.00000000.sdmp, f[1].txt.0.drString found in binary or memory: https://cdn.ampproject.org/rtv/
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2646768862.000000000F535000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2646639347.000000000F532000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2655068073.000000000F53D000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2646717732.000000000F534000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2646680239.000000000F533000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2646601399.000000000F531000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ampproject.org/rtv/google_bottom_anchor_debuggoogle_ad_frequency_hintallow-popups-to-esc
Source: LisectAVT_2403002B_286_Update.exe, 00000009.00000002.2760838359.0000000002E0E000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2869908564.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/war3tools/war3tools/raw/branch/master/README.md
Source: LisectAVT_2403002B_286_Update.exe, 00000009.00000002.2760838359.0000000002E0E000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002C0D000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2869908564.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/war3tools/war3tools/raw/branch/master/update.txt
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002BBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/war3tools/war3tools/raw/branch/master/update.txtp
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2673483757.0000000013F87000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2633370663.0000000013EF6000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2633547622.0000000013EF8000.00000004.00000020.00020000.00000000.sdmp, f[1].txt.0.drString found in binary or memory: https://cse.google.com/cse.js
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2646768862.000000000F535000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2646639347.000000000F532000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2655068073.000000000F53D000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2646717732.000000000F534000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2646680239.000000000F533000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2646601399.000000000F531000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cse.google.com/cse.jsgoogle_wrap_fullscreen_adGoogle
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002DD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dev.azure.com
Source: LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2869908564.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dev.azure.com/war3tools/9b91b8fa-37b4-449c-8b69-5f281377e2fb/_apis/git/repositories/5bda583c
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.internxt.com/sh/folder/79ed1b38-26b8-4cbc-818e-5687b072eb1f/c0c84fdce9486632690de15d1e
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2673165753.0000000013FA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://e.lengthe.lengthe.lengthe.lengthe
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.pcloud.link/publink/show?code=kZuPfnZPMNuop5GahSHaMcaSxbojp7AXIFX
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.pcloud.link/publink/show?code=kZuPfnZPMNuop5GahSHaMcaSxbojp7AXIFX)
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://eapi.pcloud.com/getapiserver
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002DD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://eapi.pcloud.com/getapiserverapihttps:///getpublinkdownload?fileid=fileid&hashCache=hash&code
Source: f[1].txt.0.drString found in binary or memory: https://fonts.googleapis.com/css2?family=Google
Source: f[1].txt.0.drString found in binary or memory: https://fonts.googleapis.com/css?family=Google
Source: f[1].txt.0.drString found in binary or memory: https://fundingchoicesmessages.google.com/i/%
Source: LisectAVT_2403002B_286_Update.exe, 00000009.00000002.2760838359.0000000002E0E000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2869908564.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gitea.com/war3tools/war3tools/raw/branch/master/README.mdlBcq
Source: LisectAVT_2403002B_286_Update.exe, 00000009.00000002.2760838359.0000000002E0E000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002C0D000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2869908564.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gitea.com/war3tools/war3tools/raw/branch/master/update.txt
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002BBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gitea.com/war3tools/war3tools/raw/branch/master/update.txtp
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002F3A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002DD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/war3tools/war3tools.github.io/raw/master/docs/README.mdp
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/war3tools/war3tools.gitlab.io
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/war3tools/war3tools.gitlab.io/-/blob/main/Others/AdvancedCodeDemo/README.md)
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/war3tools/war3tools.gitlab.io/-/blob/main/Others/ExtDll/README.md)
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/war3tools/war3tools.gitlab.io/-/blob/main/Others/SuWar3ToolsExtDemo/README.md)
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/war3tools/war3tools.gitlab.io/-/raw/main/public/images/SuWar3Tools.png
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/war3tools/war3tools.gitlab.io/-/raw/main/public/images/SuWar3ToolsAd.png
Source: f[1].txt.0.drString found in binary or memory: https://googleads.g.doubleclick.net
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.00000000033C3000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2656788771.000000000F2C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7779916227810877&output=html&adk=181227
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2609031626.000000001071F000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2633008327.0000000013F25000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2609240005.0000000013EB1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2673165753.0000000013FA0000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2671207941.0000000013F37000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2587061684.000000000A1FF000.00000004.00000020.00020000.00000000.sdmp, f[1].txt.0.drString found in binary or memory: https://googleads.g.doubleclick.net/pagead/html/
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.00000000033C3000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2646639347.000000000F532000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2655068073.000000000F53D000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2646717732.000000000F534000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2646680239.000000000F533000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2646601399.000000000F531000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googleads.g.doubleclick.net/pagead/html/r20240723/r20110914/zrt_lookup.html
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2673483757.0000000013F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://googleads.g.doubleclick.netLf.https://googleads.g.doubleclick.net
Source: csc.exe, 00000019.00000003.3251655485.0000000005189000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3252719149.0000000005189000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/json?token=166
Source: csc.exe, 00000019.00000003.3251370768.00000000051A5000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3244944307.000000000512C000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3251655485.0000000005178000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3262862553.00000000050C1000.00000004.00001000.00020000.00000000.sdmp, zkeqnbkw.0.cs.13.drString found in binary or memory: https://ipinfo.io/json?token=1660032ac35c98
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002F45000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://master.dl.sourceforge.net
Source: LisectAVT_2403002B_286_Update.exe, 00000009.00000002.2760838359.0000000002E0E000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002C0D000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2869908564.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://master.dl.sourceforge.net/project/war3tools/README.md?viasf=1
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002DD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://master.dl.sourceforge.net/project/war3tools/README.md?viasf=1lBcq
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://master.dl.sourceforge.net/project/war3tools/SuWar3Tools.exe?viasf=1
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://master.dl.sourceforge.net/project/war3tools/SuWar3Tools.zip?viasf=1
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nim-nosdn.netease.im
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nim-nosdn.netease.im/MjYxNDkzNzE=/bmltYV8yMjI3ODcyNTc0NTBfMTcxMjgxMTU3ODE4MV8xNDIwNjM4Zi0xZj
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nim-nosdn.netease.im/MjYxNDkzNzE=/bmltYV8yMjI3ODcyNTc0NTBfMTcxNzU3NjMwNDkxNF9jNWM0YWYyYy05ZD
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FEE000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nim-nosdn.netease.im/MjYxNDkzNzE=/bmltYV8yMjI3ODcyNTc0NTBfMTcxNzU3NjMyMTQzNV9iM2Q4ZmJjZC02Zj
Source: f[1].txt.0.drString found in binary or memory: https://pagead2.googlesyndication.com
Source: f[1].txt.0.drString found in binary or memory: https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=
Source: f[1].txt.0.drString found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204
Source: f[1].txt.0.drString found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=
Source: f[1].txt.0.drString found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=plmetrics
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2633008327.0000000013F25000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2673165753.0000000013FA0000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2654589142.00000000139B6000.00000004.00000800.00020000.00000000.sdmp, f[1].txt.0.drString found in binary or memory: https://pagead2.googlesyndication.com/pagead/html/
Source: f[1].txt.0.drString found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2673165753.0000000013FA0000.00000004.00000020.00020000.00000000.sdmp, f[1].txt.0.drString found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2633249058.0000000013F14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js(
Source: f[1].txt.0.drString found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=
Source: LisectAVT_2403002B_286.exe, 0000000D.00000003.3215467232.000000002732C000.00000004.00000800.00020000.00000000.sdmp, header[1].htm.0.drString found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7779916227810877

System Summary

Source: 10.2.LisectAVT_2403002B_286.exe.3ba9550.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 11.2.LisectAVT_2403002B_286_Update.exe.3cf9550.5.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 9.2.LisectAVT_2403002B_286_Update.exe.92d5600.18.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 10.2.LisectAVT_2403002B_286.exe.8540000.27.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 10.2.LisectAVT_2403002B_286.exe.9990000.29.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 10.2.LisectAVT_2403002B_286.exe.815ef4c.26.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 11.2.LisectAVT_2403002B_286_Update.exe.99b0000.19.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 13.3.LisectAVT_2403002B_286.exe.7eb016c.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 9.2.LisectAVT_2403002B_286_Update.exe.92d5600.18.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 10.3.LisectAVT_2403002B_286.exe.7eb4170.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 13.3.LisectAVT_2403002B_286.exe.7eb6170.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 10.2.LisectAVT_2403002B_286.exe.95959c8.28.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 9.3.LisectAVT_2403002B_286_Update.exe.7ebb170.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 10.2.LisectAVT_2403002B_286.exe.8110000.23.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 9.2.LisectAVT_2403002B_286_Update.exe.816a754.14.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 11.2.LisectAVT_2403002B_286_Update.exe.92d53f8.18.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 9.3.LisectAVT_2403002B_286_Update.exe.7eb516c.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 10.2.LisectAVT_2403002B_286.exe.9990000.29.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 9.2.LisectAVT_2403002B_286_Update.exe.8164f50.16.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 10.2.LisectAVT_2403002B_286.exe.3ba9550.6.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 9.2.LisectAVT_2403002B_286_Update.exe.99c0000.19.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 9.2.LisectAVT_2403002B_286_Update.exe.3dc9550.5.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 11.3.LisectAVT_2403002B_286_Update.exe.7eba16c.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 9.2.LisectAVT_2403002B_286_Update.exe.3dc9550.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 11.2.LisectAVT_2403002B_286_Update.exe.815ef4c.16.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 11.3.LisectAVT_2403002B_286_Update.exe.7ec0170.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 10.3.LisectAVT_2403002B_286.exe.7eb9974.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 9.2.LisectAVT_2403002B_286_Update.exe.8110000.13.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 11.3.LisectAVT_2403002B_286_Update.exe.7ec5974.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 10.3.LisectAVT_2403002B_286.exe.7eae16c.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 10.2.LisectAVT_2403002B_286.exe.95959c8.28.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 11.2.LisectAVT_2403002B_286_Update.exe.816a754.15.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 9.2.LisectAVT_2403002B_286_Update.exe.815ef4c.15.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 0.3.LisectAVT_2403002B_286.exe.7f5fe60.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 11.2.LisectAVT_2403002B_286_Update.exe.8110000.13.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 10.2.LisectAVT_2403002B_286.exe.8164f50.25.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 9.3.LisectAVT_2403002B_286_Update.exe.7ec0974.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 9.2.LisectAVT_2403002B_286_Update.exe.8560000.17.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 11.2.LisectAVT_2403002B_286_Update.exe.8560000.17.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 11.2.LisectAVT_2403002B_286_Update.exe.99b0000.19.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 11.2.LisectAVT_2403002B_286_Update.exe.92d53f8.18.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 13.3.LisectAVT_2403002B_286.exe.7ebb974.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 11.2.LisectAVT_2403002B_286_Update.exe.3cf9550.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 10.2.LisectAVT_2403002B_286.exe.816a754.24.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 9.2.LisectAVT_2403002B_286_Update.exe.99c0000.19.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 11.2.LisectAVT_2403002B_286_Update.exe.8164f50.14.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 0000000B.00000002.2887278083.00000000099B0000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 00000009.00000002.2778525625.00000000099C0000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: 0000000A.00000002.2831351105.0000000009990000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables packed with DNGuard Author: ditekSHen
Source: LisectAVT_2403002B_286.exeStatic PE information: section name: .m!S
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E5C4C0 NtQueryVolumeInformationFile,0_2_04E5C4C0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E765A0 NtClose,0_2_04E765A0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E5C5B0 NtSetSecurityObject,0_2_04E5C5B0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E5C500 NtFsControlFile,0_2_04E5C500
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E7E640 NtDeviceIoControlFile,0_2_04E7E640
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E5C0C0 NtWriteFile,0_2_04E5C0C0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E5C070 NtReadFile,0_2_04E5C070
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E5C1C0 NtCreateSection,0_2_04E5C1C0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E5C190 NtOpenSection,0_2_04E5C190
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E5C110 NtSetInformationFile,0_2_04E5C110
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E5C290 NtUnmapViewOfSection,0_2_04E5C290
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E5C200 NtMapViewOfSection,0_2_04E5C200
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E5C3A0 NtQueryAttributesFile,0_2_04E5C3A0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E5C350 NtQueryDirectoryFile,0_2_04E5C350
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E90D61 NtOpenFile,0_2_04E90D61
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E7CF50 NtQueryInformationProcess,0_2_04E7CF50
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E0F5C0 NtOpenFile,0_2_04E0F5C0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E0F150 NtOpenFile,NtOpenFile,NtQueryDirectoryFile,0_2_04E0F150
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E0B200 NtQueryInformationProcess,WNetGetConnectionW,NtOpenFile,NtOpenFile,NtQueryDirectoryFile,0_2_04E0B200
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E5BCF0 NtOpenKey,0_2_04E5BCF0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E5BFF0 NtCreateFile,0_2_04E5BFF0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E5BFB0 NtOpenFile,0_2_04E5BFB0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E8DAB0 NtQueryInformationProcess,0_2_04E8DAB0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E5BA80 NtDuplicateObject,0_2_04E5BA80
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E5BA50 NtClose,0_2_04E5BA50
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E77B00 NtSetSecurityObject,NtSetSecurityObject,0_2_04E77B00
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E4C4C0 NtQueryVolumeInformationFile,9_2_04E4C4C0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E665A0 NtClose,CloseHandle,9_2_04E665A0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E4C5B0 NtSetSecurityObject,9_2_04E4C5B0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E4C500 NtFsControlFile,9_2_04E4C500
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E6E640 NtDeviceIoControlFile,NtOpenFile,CloseHandle,9_2_04E6E640
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E4C0C0 NtWriteFile,9_2_04E4C0C0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E4C070 NtReadFile,9_2_04E4C070
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E4C1C0 NtCreateSection,9_2_04E4C1C0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E4C190 NtOpenSection,9_2_04E4C190
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E4C110 NtSetInformationFile,9_2_04E4C110
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E4C290 NtUnmapViewOfSection,9_2_04E4C290
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E4C200 NtMapViewOfSection,9_2_04E4C200
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E4C3A0 NtQueryAttributesFile,9_2_04E4C3A0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E4C350 NtQueryDirectoryFile,9_2_04E4C350
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E80D60 TlsGetValue,NtOpenFile,9_2_04E80D60
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E6CF50 RtlInitUnicodeString,NtQueryInformationProcess,9_2_04E6CF50
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E94BD0 GetCurrentProcessId,wsprintfW,ConvertStringSecurityDescriptorToSecurityDescriptorW,ConvertStringSecurityDescriptorToSecurityDescriptorW,CreateMutexW,LocalFree,GetModuleHandleW,GetProcAddress,ConvertStringSecurityDescriptorToSecurityDescriptorW,InitializeSecurityDescriptor,GetSecurityDescriptorSacl,InitializeSecurityDescriptor,SetSecurityDescriptorSacl,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,NtSetSecurityObject,NtSetSecurityObject,LocalFree,9_2_04E94BD0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E90B90 GetTickCount,TlsAlloc,TlsAlloc,TlsAlloc,TlsAlloc,TlsAlloc,GetModuleHandleW,GetProcAddress,GetProcAddress,GetCurrentProcess,IsWow64Process,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,RtlAddVectoredExceptionHandler,VirtualAlloc,VirtualAlloc,ConvertStringSecurityDescriptorToSecurityDescriptorW,InitializeSecurityDescriptor,GetSecurityDescriptorSacl,InitializeSecurityDescriptor,SetSecurityDescriptorSacl,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,VirtualAlloc,GetSystemInfo,GetVersionExW,RtlUpcaseUnicodeChar,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,ConvertSidToStringSidW,LocalFree,FindCloseChangeNotification,RtlInitUnicodeString,GetProcessHeap,HeapAlloc,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FindResourceW,LoadResource,LockResource,SizeofResource,GetModuleHandleW,GetProcAddress,LoadLibraryW,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,GetComputerNameW,GetComputerNameW,GetLastError,GetProcessHeap,HeapReAlloc,GetComputerNameW,GetCurrentProcessId,RegOpenKeyW,RegOpenKeyW,RegCloseKey,
NtQueryKey,NtQueryKey,RegCloseKey,RegOpenKeyW,NtQueryKey,RegCloseKey,NtCreateKey,NtOpenKey,NtQueryKey,CloseHandle,NtQueryAttributesFile,FileTimeToSystemTime,GetModuleHandleW,GetProcAddress,NtQueryInformationFile,SetLastError,CreateActCtxW,GetLastError,ConvertStringSecurityDescriptorToSecurityDescriptorW,9_2_04E90B90
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04DFF5C0 NtOpenFile,9_2_04DFF5C0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04DFF150 NtOpenFile,NtOpenFile,NtQueryDirectoryFile,9_2_04DFF150
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04DFB200 _chkstk,lstrcmpiW,TlsGetValue,TlsSetValue,GetCurrentProcess,NtQueryInformationProcess,WNetGetConnectionW,WNetGetConnectionW,RtlCompareUnicodeString,TlsGetValue,TlsSetValue,TlsGetValue,TlsSetValue,GetCurrentThreadId,InterlockedCompareExchange,RtlCompareUnicodeString,InterlockedExchange,InterlockedDecrement,ReleaseSemaphore,NtOpenFile,InterlockedExchange,InterlockedDecrement,ReleaseSemaphore,NtOpenFile,NtQueryDirectoryFile,9_2_04DFB200
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E4BCF0 NtOpenKey,9_2_04E4BCF0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E4BFF0 NtCreateFile,9_2_04E4BFF0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E4BFB0 NtOpenFile,9_2_04E4BFB0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E85F30 TlsGetValue,NtClose,9_2_04E85F30
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04DD9810 ResetEvent,RtlCompareUnicodeString,RtlCompareUnicodeString,SetEvent,GetCurrentThread,NtQueueApcThread,9_2_04DD9810
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E7DAB0 GetCurrentProcess,NtQueryInformationProcess,RtlCompareUnicodeString,9_2_04E7DAB0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E4BA80 NtDuplicateObject,9_2_04E4BA80
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E4BA50 NtClose,9_2_04E4BA50
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E67B00 TlsGetValue,TlsGetValue,TlsSetValue,TlsSetValue,NtSetSecurityObject,TlsGetValue,TlsSetValue,NtSetSecurityObject,TlsGetValue,TlsSetValue,9_2_04E67B00
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E764A0 ReadProcessMemory,CreateFileW,ReadFile,ReadFile,SetFilePointer,ReadFile,CloseHandle,NtQueryInformationProcess,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,VirtualProtectEx,VirtualProtectEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,VirtualAllocEx,MapViewOfFile,UnmapViewOfFile,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetCurrentProcess,DuplicateHandle,GetLastError,GetLastError,VirtualAllocEx,GetLastError,WriteProcessMemory,GetLastError,VirtualAllocEx,GetLastError,WriteProcessMemory,GetLastError,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetLastError,GetCurrentProcess,DuplicateHandle,GetLastError,lstrlenW,lstrlenW,VirtualAllocEx,lstrlenW,WriteProcessMemory,lstrlenW,VirtualAllocEx,lstrlenW,WriteProcessMemory,lstrlenW,VirtualAllocEx,lstrlenW,WriteProcessMemory,lstrlenW,VirtualAllocEx,lstrlenW,WriteProcessMemory,lstrlenW,VirtualAllocEx,lstrlenW,WriteProcessMemory,GetCurrentProcess,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,DuplicateHandle,CreateEventW,GetCurrentProcess,DuplicateHandle,NtQueryInformationProcess,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,VirtualProtectEx,VirtualProtectEx,WriteProcessMemory,VirtualProtectEx,GetCurrentThreadId,InterlockedCompareExchange,GetCurrentThreadId,InterlockedCompareExchange,GetCurrentThreadId,InterlockedCompareExchange,GetCurrentThreadId,InterlockedCompareExchange,GetCurrentThreadId,InterlockedCompareExchange,GetCurrentThreadId,InterlockedCompareExchange,GetCurrentThreadId,InterlockedCompareExchange,GetCurrentThreadId,InterlockedCompareExchange,VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,WaitForMultipleObjects,ResumeThread,9_2_04E764A0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E666D0 NtMapViewOfSection,9_2_04E666D0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E66760 NtUnmapViewOfSection,9_2_04E66760
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E6C0E0 NtQueryInformationProcess,ReadProcessMemory,9_2_04E6C0E0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E660F0 VirtualProtectEx,VirtualProtectEx,NtQueryInformationProcess,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,9_2_04E660F0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04DF8000 GetCurrentThreadId,InterlockedCompareExchange,NtQueueApcThread,SetEvent,SetEvent,SetEvent,InterlockedExchange,InterlockedDecrement,ReleaseSemaphore,InterlockedExchange,InterlockedDecrement,ReleaseSemaphore,9_2_04DF8000
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E66190 NtQueryInformationProcess,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,VirtualProtectEx,VirtualProtectEx,WriteProcessMemory,VirtualProtectEx,9_2_04E66190
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E823A0 TlsGetValue,GetCurrentThread,NtQueueApcThread,9_2_04E823A0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04DCADB0 ResetEvent,ResetEvent,ResetEvent,IsBadReadPtr,SetEvent,SetEvent,SetEvent,GetCurrentThread,NtQueueApcThread,9_2_04DCADB0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E7EEF0 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetCurrentDirectoryW,GetCurrentProcess,GetCurrentProcess,GetCurrentProcess,GetCurrentProcess,LoadLibraryExW,CreateActCtxW,ActivateActCtx,DeactivateActCtx,FreeLibrary,VirtualProtect,GetModuleHandleW,VirtualProtect,VirtualProtect,GetModuleHandleW,LoadLibraryW,GetProcAddress,ExitProcess,ExitProcess,ExitProcess,CreateFileW,GetFileSize,ReadFile,CloseHandle,GetCurrentProcess,NtQueryInformationProcess,VirtualQuery,VirtualProtect,RtlInitUnicodeString,RtlInitUnicodeString,AttachConsole,AllocConsole,SetConsoleTitleW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,GetEnvironmentVariableW,GetEnvironmentVariableW,GetEnvironmentVariableW,SetEnvironmentVariableW,LoadLibraryExW,CreateActCtxW,ActivateActCtx,LoadLibraryW,LoadLibraryA,GetProcAddress,LoadLibraryA,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetCommandLineW,LocalFree,LoadLibraryW,GetProcAddress,ExitProcess,ExitProcess,WaitForSingleObject,GetLastError,GetLastError,DeleteFileW,GetLastError,9_2_04E7EEF0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04DCA8F0 ResetEvent,ResetEvent,ResetEvent,IsBadWritePtr,SetEvent,SetEvent,SetEvent,GetCurrentThread,NtQueueApcThread,9_2_04DCA8F0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04DD0AD0 GetCurrentThreadId,InterlockedCompareExchange,InterlockedExchange,InterlockedDecrement,ReleaseSemaphore,InterlockedExchange,InterlockedDecrement,ReleaseSemaphore,NtSetIoCompletion,InterlockedExchange,InterlockedDecrement,ReleaseSemaphore,9_2_04DD0AD0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E67660 GetModuleHandleW,GetModuleHandleA,GetCurrentProcess,NtQueryInformationProcess,VirtualProtect,GetProcAddress,VirtualProtect,9_2_04E67660
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E99070 InterlockedCompareExchange,InterlockedCompareExchange,GetCurrentProcess,NtQueryInformationProcess,9_2_04E99070
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04DF7170 NtSetIoCompletion,9_2_04DF7170
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04DFF3B0 NtOpenSymbolicLinkObject,NtQuerySymbolicLinkObject,NtQuerySymbolicLinkObject,9_2_04DFF3B0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E09DF0 ResetEvent,SetEvent,GetCurrentThread,NtQueueApcThread,9_2_04E09DF0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E73E00 GetCurrentProcess,NtQueryInformationProcess,9_2_04E73E00
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E97970 GetCurrentProcess,GetCurrentProcessId,GetCurrentProcessId,GetCurrentProcessId,NtQueryInformationProcess,GetCurrentProcessId,9_2_04E97970
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E97930 GetCurrentProcess,GetCurrentProcessId,NtQueryInformationProcess,9_2_04E97930
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E6FB60 GetCurrentProcess,NtMapViewOfSection,RtlCreateActivationContext,9_2_04E6FB60
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E7E640: NtDeviceIoControlFile,0_2_04E7E640
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: String function: 04E30AB0 appears 50 times
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: String function: 04E69600 appears 90 times
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: String function: 04E50700 appears 67 times
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: String function: 04E940C0 appears 143 times
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: String function: 04E50510 appears 153 times
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2469473146.000000000440E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK.dll: vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000000.2167658246.00000000008A0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename2600ea26aee.exe" vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000000.2167380964.000000000046B000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK_AppDomainManager.dllP vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000000.2167380964.0000000000576000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK.dll: vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2179041784.0000000000C68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDNGuard.Runtime.dll@ vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2469473146.00000000042B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK_AppDomainManager.dllP vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.00000000031D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSuWar3Tools.exe" vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002DD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InternalNameOriginalFilename1.24.4.6387Maps\dota.w3x"D:\War\war3.exe" -windowCheckFilter ExceptionStartExe[path][args][WorkingDirectory][Arguments]StartExe Exceptioncmd.exe/c {0}:{1} vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2698785893.000000000046D000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK_AppDomainManager.dllP vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2707214759.0000000003E41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK_AppDomainManager.dllP vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2698167599.0000000000183000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDNGuard.Runtime.dll@ vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2698167599.0000000000183000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDNRuntime.dll4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2469473146.0000000004735000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSuWar3Tools.exe" vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename0 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2707214759.0000000003F6B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK.dll: vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2178912424.000000000974A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsMpLics.dllj% vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.00000000031EA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSuWar3Tools.exe" vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 00000000.00000003.2169352243.0000000007F4B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSupport64.exe4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2830583255.0000000009540000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDNGuard.Runtime.dll@ vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000003.2750513615.0000000009757000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsMpLics.dllj% vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2818060378.0000000007E40000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameDNRuntime.dll4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2807622156.0000000000907000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSuWar3Tools.exe" vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2813624681.0000000004E4A000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK.dll: vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000003.2750693430.0000000000B1A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDNGuard.Runtime.dll@ vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2811809330.000000000424D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK.dll: vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2807046039.000000000046D000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK_AppDomainManager.dllP vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000003.2798814496.00000000040D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSuWar3Tools.exe" vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000000.2735618078.000000000046B000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK_AppDomainManager.dllP vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2811809330.00000000045DB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename49732f42286.exe" vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2820026041.0000000008010000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSuLibrary.dll4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000003.2798814496.0000000003BEE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK_AppDomainManager.dllP vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000000.2735618078.0000000000576000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK.dll: vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2811809330.00000000040D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSuWar3Tools.exe" vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2811809330.00000000040D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK_AppDomainManager.dllP vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2813624681.0000000004D40000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK_AppDomainManager.dllP vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2822734108.0000000008112000.00000020.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSupport64.exe4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2822734108.0000000008112000.00000020.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSuBrowser.exe4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2822734108.0000000008112000.00000020.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSuLibrary.dll4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2806663592.0000000000183000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDNGuard.Runtime.dll@ vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2806663592.0000000000183000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDNRuntime.dll4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2819917748.0000000007FF0000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSupport64.exe4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2819917748.0000000007FF0000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSuBrowser.exe4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2811809330.0000000003BCC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK_AppDomainManager.dllP vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000003.2738044377.0000000007E61000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSupport64.exe4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000003.2738044377.0000000007E61000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSuBrowser.exe4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000003.2738044377.0000000007E61000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSuLibrary.dll4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2811809330.0000000003D43000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK.dll: vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002BBB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InternalNameOriginalFilename1.24.4.6387Maps\dota.w3x"D:\War\war3.exe" -windowCheckFilter ExceptionStartExe[path][args][WorkingDirectory][Arguments]StartExe Exceptioncmd.exe/c {0}:{1} vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2831351105.0000000009990000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameDNGuard.Runtime.dll@ vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2827129816.0000000008546000.00000002.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameDNRuntime.dll4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002C0D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename@\cq OriginalFilename vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2811809330.0000000003BA7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDNGuard.Runtime.dll@ vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000D.00000002.3423158024.000000000046D000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK_AppDomainManager.dllP vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000D.00000000.2855480726.0000000000907000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename49732f42286.exe" vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000D.00000003.2865243137.0000000000C37000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDNGuard.Runtime.dll@ vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000D.00000000.2855007043.000000000046B000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK_AppDomainManager.dllP vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000D.00000003.2856843634.0000000007E63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSupport64.exe4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000D.00000003.2856843634.0000000007E63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSuBrowser.exe4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000D.00000003.2856843634.0000000007E63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSuLibrary.dll4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000D.00000003.2948225846.00000000041D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename49732f42286.exe" vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000D.00000003.3134279389.0000000027234000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename49732f42286.exe" vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000D.00000002.3417089647.0000000000183000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDNGuard.Runtime.dll@ vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000D.00000002.3417089647.0000000000183000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDNRuntime.dll4 vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000D.00000000.2855007043.0000000000576000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK.dll: vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000D.00000003.2948225846.0000000003E43000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK.dll: vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exe, 0000000D.00000003.2948225846.0000000003CEE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBoxedAppSDK_AppDomainManager.dllP vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exeBinary or memory string: OriginalFilenameBoxedAppSDK_AppDomainManager.dllP vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exeBinary or memory string: OriginalFilenameBoxedAppSDK.dll: vs LisectAVT_2403002B_286.exe
Source: LisectAVT_2403002B_286.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: 10.2.LisectAVT_2403002B_286.exe.3ba9550.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_EXE_Packed_DNGuard author = ditekSHen, description = Detects executables packed with DNGuard
Source: 0000000B.00000002.2887278083.00000000099B0000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_EXE_Packed_DNGuard author = ditekSHen, description = Detects executables packed with DNGuard
Source: 9.3.LisectAVT_2403002B_286_Update.exe.7ebb170.1.raw.unpack, -.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 9.3.LisectAVT_2403002B_286_Update.exe.7ebb170.1.raw.unpack, -.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 9.2.LisectAVT_2403002B_286_Update.exe.8164f50.16.raw.unpack, -.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 9.2.LisectAVT_2403002B_286_Update.exe.8164f50.16.raw.unpack, -.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: LisectAVT_2403002B_286.exeBinary string: \??\UVMLite\??\Nsi\??\con\??\MountPointManager\??\CbFs3NrIoctl\??\PrlMiniRdrDN\Device\NETBT_TCPIP_\Device\LanmanDatagramReceiver\Device\RdpDr\Device\RasAcd\Device\WS2IFSL\Device\DeviceApi\\Device\KsecDD\Device\CNG\DosDevices\pipe\\Device\DfsClient\Device\Afd\Device\Csc\Device\Mailslot\\Device\NamedPipe\\??\pipe\
Source: LisectAVT_2403002B_286.exeBinary string: \Device\\??\UNC\??\Z:FullWriteCopyMergedNone
Source: classification engineClassification label: mal69.expl.evad.winEXE@24/35@25/11
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E2E780 CoCreateInstance,VariantClear,VariantClear,SysAllocString,SysAllocString,VariantClear,SysAllocString,VariantClear,VariantClear,SysAllocString,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,wsprintfW,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,9_2_04E2E780
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E90B90 GetTickCount,TlsAlloc,TlsAlloc,TlsAlloc,TlsAlloc,TlsAlloc,GetModuleHandleW,GetProcAddress,GetProcAddress,GetCurrentProcess,IsWow64Process,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,RtlAddVectoredExceptionHandler,VirtualAlloc,VirtualAlloc,ConvertStringSecurityDescriptorToSecurityDescriptorW,InitializeSecurityDescriptor,GetSecurityDescriptorSacl,InitializeSecurityDescriptor,SetSecurityDescriptorSacl,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,VirtualAlloc,GetSystemInfo,GetVersionExW,RtlUpcaseUnicodeChar,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,ConvertSidToStringSidW,LocalFree,FindCloseChangeNotification,RtlInitUnicodeString,GetProcessHeap,HeapAlloc,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FindResourceW,LoadResource,LockResource,SizeofResource,GetModuleHandleW,GetProcAddress,LoadLibraryW,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,GetComputerNameW,GetComputerNameW,GetLastError,GetProcessHeap,HeapReAlloc,GetComputerNameW,GetCurrentProcessId,RegOpenKeyW,RegOpenKeyW,RegCloseKey,
NtQueryKey,NtQueryKey,RegCloseKey,RegOpenKeyW,NtQueryKey,RegCloseKey,NtCreateKey,NtOpenKey,NtQueryKey,CloseHandle,NtQueryAttributesFile,FileTimeToSystemTime,GetModuleHandleW,GetProcAddress,NtQueryInformationFile,SetLastError,CreateActCtxW,GetLastError,ConvertStringSecurityDescriptorToSecurityDescriptorW,9_2_04E90B90
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe File created: C:\Users\user\Desktop\SuWar3Tools.cfg
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeMutant created: \Sessions\1\BaseNamedObjects\84C97AE0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeMutant created: \Sessions\1\BaseNamedObjects\boxedapp_process_list_mutex_00000e68_0000112c
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeMutant created: \Sessions\1\BaseNamedObjects\boxedapp_global_shared_mem_00000e68_0000112c
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeMutant created: \Sessions\1\BaseNamedObjects\boxedapp_process_list_mutex_00001948_00001950
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeMutant created: \Sessions\1\BaseNamedObjects\boxedapp_shared_env_mutex_0000159c_000018cc
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7072:120:WilError_03
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeMutant created: \Sessions\1\BaseNamedObjects\boxedapp_global_shared_mem_00001410_00000c7c
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeMutant created: \Sessions\1\BaseNamedObjects\boxedapp_process_list_mutex_00001294_0000146c
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeMutant created: \Sessions\1\BaseNamedObjects\boxedapp_process_list_mutex_00001410_00000c7c
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5524:120:WilError_03
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeMutant created: \Sessions\1\BaseNamedObjects\boxedapp_shared_env_mutex_00001294_0000146c
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeMutant created: NULL
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeMutant created: \Sessions\1\BaseNamedObjects\boxedapp_global_shared_mem_00001948_00001950
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeMutant created: \Sessions\1\BaseNamedObjects\boxedapp_global_shared_mem_00001294_0000146c
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeMutant created: \Sessions\1\BaseNamedObjects\bx_process_mutex_0000159c_000018cc_0000159c
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeMutant created: \Sessions\1\BaseNamedObjects\bx_process_mutex_00001294_0000146c_00001294
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeMutant created: \Sessions\1\BaseNamedObjects\boxedapp_shared_env_mutex_00001948_00001950
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeMutant created: \Sessions\1\BaseNamedObjects\boxedapp_process_list_mutex_0000159c_000018cc
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeMutant created: \Sessions\1\BaseNamedObjects\bx_process_mutex_00001410_00000c7c_00001410
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeMutant created: \Sessions\1\BaseNamedObjects\boxedapp_shared_env_mutex_00001410_00000c7c
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5788:120:WilError_03
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeMutant created: \Sessions\1\BaseNamedObjects\bx_process_mutex_00000e68_0000112c_00000e68
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeMutant created: \Sessions\1\BaseNamedObjects\bx_process_mutex_00001948_00001950_00001948
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeMutant created: \Sessions\1\BaseNamedObjects\boxedapp_global_shared_mem_0000159c_000018cc
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeMutant created: \Sessions\1\BaseNamedObjects\boxedapp_shared_env_mutex_00000e68_0000112c
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeFile created: C:\Users\user\AppData\Local\Temp\SuWar3Tools
Source: LisectAVT_2403002B_286.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.72%
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe File read: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
Source: unknownProcess created: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe "C:\Users\user\Desktop\LisectAVT_2403002B_286.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess created: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe "C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe" "update" "LisectAVT_2403002B_286.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeProcess created: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe "C:\Users\user\Desktop\LisectAVT_2403002B_286.exe" "clear" "LisectAVT_2403002B_286_Update.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess created: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe "C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe" "update" "LisectAVT_2403002B_286.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeProcess created: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe "C:\Users\user\Desktop\LisectAVT_2403002B_286.exe" "clear" "LisectAVT_2403002B_286_Update.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.cmdline"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3017.tmp" "c:\Users\user\AppData\Local\Temp\srv33q4h\CSCE64E61EBE53F4480B5C383A5A36CF7D1.TMP"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\zkeqnbkw\zkeqnbkw.cmdline"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6262.tmp" "c:\Users\user\AppData\Local\Temp\zkeqnbkw\CSC5F800B2BAE9D475489BCBC699BC2FE5.TMP"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1kjwnqt4\1kjwnqt4.cmdline"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6D8E.tmp" "c:\Users\user\AppData\Local\Temp\1kjwnqt4\CSCF68404DF18AE46178AD88EB7B711C3F0.TMP"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeFile opened: C:\Users\user\Desktop\SuWar3Tools.cfg
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeAutomated click: OK
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeAutomated click: Run
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: LisectAVT_2403002B_286.exeStatic file information: File size 4861966 > 1048576
Source: LisectAVT_2403002B_286.exeStatic PE information: Raw size of .data is bigger than: 0x100000 < 0x135000
Source: LisectAVT_2403002B_286.exeStatic PE information: Raw size of .m!S is bigger than: 0x100000 < 0x1ba000
Source: LisectAVT_2403002B_286.exeStatic PE information: Raw size of .pdata is bigger than: 0x100000 < 0x143000
Source: Binary string: v:\builds\boxedapp\files\8cc2254f\src\boxedapp\bxsdk\obj\win32\release_full\boxedappsdkthunk\BoxedAppSDKThunk.pdb source: LisectAVT_2403002B_286.exe
Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\webview2_api_writer\dotNetAPIWrapper\Microsoft.Web.WebView2.Core\bin\ReleasePackage\Microsoft.Web.WebView2.Core.pdb source: Microsoft.Web.WebView2.Core.dll.13.dr
Source: Binary string: v:\builds\boxedapp\files\8cc2254f\src\boxedapp\bxsdk\bin\release_full\bxsdk32.pdb source: LisectAVT_2403002B_286.exe
Source: Binary string: V:\builds\BoxedApp\files\8CC2254F\src\BoxedApp\bxsdk\obj\x86\Release_Full\BoxedAppSDK_AppDomainManager.pdb source: LisectAVT_2403002B_286.exe
Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\winforms_control\Microsoft.Web.WebView2.WinForms\obj\Release Stable APIs\net45\Microsoft.Web.WebView2.WinForms.pdb source: Microsoft.Web.WebView2.WinForms.dll.13.dr
Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\webview2_api_writer\dotNetAPIWrapper\Microsoft.Web.WebView2.Core\bin\ReleasePackage\Microsoft.Web.WebView2.Core.pdb< source: Microsoft.Web.WebView2.Core.dll.13.dr
Source: Binary string: v:\builds\boxedapp\files\8cc2254f\src\boxedapp\bxsdk\obj\win32\release_full\tlssupport\TLSSupport.pdb source: LisectAVT_2403002B_286.exe
Source: Binary string: D:\Code\Others\SuWar3Tools\SuLibrary\obj\Release\SuLibrary.pdb source: LisectAVT_2403002B_286_Update.exe, 00000009.00000002.2773345003.0000000008112000.00000020.10000000.00040000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 00000009.00000003.2697372563.0000000007E68000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 00000009.00000002.2771084886.0000000008010000.00000004.10000000.00040000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2820026041.0000000008010000.00000004.10000000.00040000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2822734108.0000000008112000.00000020.10000000.00040000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000003.2738044377.0000000007E61000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2882566524.0000000008112000.00000020.10000000.00040000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000003.2807536228.0000000007E6D000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2881628340.0000000008010000.00000004.10000000.00040000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000D.00000003.2856843634.0000000007E63000.00000004.00000020.00020000.00000000.sdmp, SuLibrary.dll.13.dr

Data Obfuscation

Source: 9.2.LisectAVT_2403002B_286_Update.exe.816a754.14.raw.unpack, MyCompiler.cs.Net Code: GeteObjectWithFullCod
Source: 9.2.LisectAVT_2403002B_286_Update.exe.816a754.14.raw.unpack, RemoteLoader.cs.Net Code: LoadByteAssembly System.Reflection.Assembly.Load(byte[])
Source: 9.2.LisectAVT_2403002B_286_Update.exe.816a754.14.raw.unpack, RemoteLoader.cs.Net Code: CompiledExec
Source: 9.2.LisectAVT_2403002B_286_Update.exe.816a754.14.raw.unpack, RemoteLoader.cs.Net Code: CompiledExecAsync
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.cmdline"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\zkeqnbkw\zkeqnbkw.cmdline"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1kjwnqt4\1kjwnqt4.cmdline"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E90B90 GetTickCount,TlsAlloc,TlsAlloc,TlsAlloc,TlsAlloc,TlsAlloc,GetModuleHandleW,GetProcAddress,GetProcAddress,GetCurrentProcess,IsWow64Process,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,RtlAddVectoredExceptionHandler,VirtualAlloc,VirtualAlloc,ConvertStringSecurityDescriptorToSecurityDescriptorW,InitializeSecurityDescriptor,GetSecurityDescriptorSacl,InitializeSecurityDescriptor,SetSecurityDescriptorSacl,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,VirtualAlloc,GetSystemInfo,GetVersionExW,RtlUpcaseUnicodeChar,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,ConvertSidToStringSidW,LocalFree,FindCloseChangeNotification,RtlInitUnicodeString,GetProcessHeap,HeapAlloc,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FindResourceW,LoadResource,LockResource,SizeofResource,GetModuleHandleW,GetProcAddress,LoadLibraryW,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,GetComputerNameW,GetComputerNameW,GetLastError,GetProcessHeap,HeapReAlloc,GetComputerNameW,GetCurrentProcessId,RegOpenKeyW,RegOpenKeyW,RegCloseKey,
NtQueryKey,NtQueryKey,RegCloseKey,RegOpenKeyW,NtQueryKey,RegCloseKey,NtCreateKey,NtOpenKey,NtQueryKey,CloseHandle,NtQueryAttributesFile,FileTimeToSystemTime,GetModuleHandleW,GetProcAddress,NtQueryInformationFile,SetLastError,CreateActCtxW,GetLastError,ConvertStringSecurityDescriptorToSecurityDescriptorW,9_2_04E90B90
Source: LisectAVT_2403002B_286.exeStatic PE information: real checksum: 0x4a63cb should be: 0x4a61af
Source: LisectAVT_2403002B_286_Update.exe.0.drStatic PE information: real checksum: 0x512047 should be: 0x511f3a
Source: LisectAVT_2403002B_286.exe.9.drStatic PE information: real checksum: 0x512047 should be: 0x511f3a
Source: LisectAVT_2403002B_286.exeStatic PE information: section name: .m!S
Source: LisectAVT_2403002B_286_Update.exe.0.drStatic PE information: section name: .GS.
Source: LisectAVT_2403002B_286.exe.9.drStatic PE information: section name: .GS.
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_3_13B1F683 push es; retf 0_3_13B1F687
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_3_0DB09C5C push esi; ret 0_3_0DB09C5E
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_0043DF3D push ecx; ret 0_2_0043DF50
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_3_0931B3BD push esp; iretd 9_3_0931B3BE
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_3_0931D9FE push cs; ret 9_3_0931DA15
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_3_0931A7E3 push eax; retf 9_3_0931A7F6
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_3_0931E46D push es; retf 9_3_0931E470
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_3_0931B4A6 push esi; iretd 9_3_0931B4A7
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_3_0931E2F4 push edi; iretd 9_3_0931E2F5
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_0043DF5D push ecx; ret 9_2_0043DF70
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04EBBA64 pushfd ; iretd 9_2_04EBBA74
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_099D8390 push cs; iretd 9_2_099D8398
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_099D53A6 push cs; iretd 9_2_099D53B8
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_099D836B push cs; iretd 9_2_099D8374
Source: LisectAVT_2403002B_286.exeStatic PE information: section name: .m!S entropy: 7.6941834302880014
Source: LisectAVT_2403002B_286_Update.exe.0.drStatic PE information: section name: .GS. entropy: 7.697127639688447
Source: LisectAVT_2403002B_286.exe.9.drStatic PE information: section name: .GS. entropy: 7.697127639688447
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeFile created: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe.zip (copy)
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeFile created: C:\Users\user\AppData\Local\Temp\SuWar3Tools\WebView2\runtimes\win-x86\native\WebView2Loader.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeFile created: C:\Users\user\AppData\Local\Temp\SuWar3Tools\WebView2\Microsoft.Web.WebView2.Core.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeFile created: C:\Users\user\AppData\Local\Temp\SuWar3Tools\WebView2\Microsoft.Web.WebView2.WinForms.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeFile created: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeFile created: C:\Users\user\AppData\Local\Temp\SuWar3Tools\SuLibrary\SuLibrary.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeFile created: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\1kjwnqt4\1kjwnqt4.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\zkeqnbkw\zkeqnbkw.dll

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeFile deleted: c:\users\user\desktop\lisectavt_2403002b_286.exe
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E90B90 GetTickCount,TlsAlloc,TlsAlloc,TlsAlloc,TlsAlloc,TlsAlloc,GetModuleHandleW,GetProcAddress,GetProcAddress,GetCurrentProcess,IsWow64Process,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,RtlAddVectoredExceptionHandler,VirtualAlloc,VirtualAlloc,ConvertStringSecurityDescriptorToSecurityDescriptorW,InitializeSecurityDescriptor,GetSecurityDescriptorSacl,InitializeSecurityDescriptor,SetSecurityDescriptorSacl,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,VirtualAlloc,GetSystemInfo,GetVersionExW,RtlUpcaseUnicodeChar,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,ConvertSidToStringSidW,LocalFree,FindCloseChangeNotification,RtlInitUnicodeString,GetProcessHeap,HeapAlloc,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FindResourceW,LoadResource,LockResource,SizeofResource,GetModuleHandleW,GetProcAddress,LoadLibraryW,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,GetComputerNameW,GetComputerNameW,GetLastError,GetProcessHeap,HeapReAlloc,GetComputerNameW,GetCurrentProcessId,RegOpenKeyW,RegOpenKeyW,RegCloseKey,
NtQueryKey,NtQueryKey,RegCloseKey,RegOpenKeyW,NtQueryKey,RegCloseKey,NtCreateKey,NtOpenKey,NtQueryKey,CloseHandle,NtQueryAttributesFile,FileTimeToSystemTime,GetModuleHandleW,GetProcAddress,NtQueryInformationFile,SetLastError,CreateActCtxW,GetLastError,ConvertStringSecurityDescriptorToSecurityDescriptorW,9_2_04E90B90
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe RDTSC instruction interceptor: First address: 641523 second address: 64157E instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [esi+00000148h], ebx 0x00000008 bswap cx 0x0000000b cdq 0x0000000c mov dword ptr [esi+00000090h], ebx 0x00000012 mov dword ptr [esi+00000094h], ebx 0x00000018 lahf 0x00000019 mov dword ptr [esi+00000354h], ebx 0x0000001f cmovb ecx, ecx 0x00000022 movzx edx, cx 0x00000025 mov byte ptr [esp+18h], FFFFFF8Bh 0x0000002a movsx eax, ax 0x0000002d not dx 0x00000030 mov al, 19h 0x00000032 mov byte ptr [esp+19h], FFFFFFF8h 0x00000037 cdq 0x00000038 mov byte ptr [esp+1Ah], 0000003Bh 0x0000003d setnl dl 0x00000040 lahf 0x00000041 cbw 0x00000043 mov byte ptr [esp+1Bh], FFFFFFFBh 0x00000048 movsx eax, dx 0x0000004b movzx ecx, sp 0x0000004e bswap cx 0x00000051 mov eax, dword ptr [esp+18h] 0x00000055 mov dword ptr [esi+000001FCh], eax 0x0000005b rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe RDTSC instruction interceptor: First address: 4038B7 second address: 4038F4 instructions: 0x00000000 rdtsc 0x00000002 movsx edx, sp 0x00000005 mov byte ptr [esp+1Dh], FFFFFF84h 0x0000000a mov byte ptr [esp+1Eh], FFFFFFBFh 0x0000000f cmovb edx, eax 0x00000012 mov byte ptr [esp+1Fh], 00000019h 0x00000017 mov ecx, dword ptr [esp+1Ch] 0x0000001b mov al, 82h 0x0000001d cdq 0x0000001e movzx edx, si 0x00000021 mov dword ptr [esi+00000200h], ecx 0x00000027 cwd 0x00000029 setns al 0x0000002c push 00000100h 0x00000031 cmovle eax, ebx 0x00000034 mov byte ptr [esp+24h], 00000028h 0x00000039 mov byte ptr [esp+25h], bl 0x0000003d rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe RDTSC instruction interceptor: First address: 661FC0 second address: 661FC9 instructions: 0x00000000 rdtsc 0x00000002 not ax 0x00000005 mov ecx, dword ptr [esp+14h] 0x00000009 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe RDTSC instruction interceptor: First address: 4038B7 second address: 4038F4 instructions: 0x00000000 rdtsc 0x00000002 movsx edx, sp 0x00000005 mov byte ptr [esp+1Dh], FFFFFF84h 0x0000000a mov byte ptr [esp+1Eh], FFFFFFBFh 0x0000000f cmovb edx, eax 0x00000012 mov byte ptr [esp+1Fh], 00000019h 0x00000017 mov ecx, dword ptr [esp+1Ch] 0x0000001b mov al, 82h 0x0000001d cdq 0x0000001e movzx edx, si 0x00000021 mov dword ptr [esi+00000200h], ecx 0x00000027 cwd 0x00000029 setns al 0x0000002c push 00000100h 0x00000031 cmovle eax, ebx 0x00000034 mov byte ptr [esp+24h], 00000028h 0x00000039 mov byte ptr [esp+25h], bl 0x0000003d rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe RDTSC instruction interceptor: First address: 661FC0 second address: 661FC9 instructions: 0x00000000 rdtsc 0x00000002 not ax 0x00000005 mov ecx, dword ptr [esp+14h] 0x00000009 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 2700000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 2DD0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 2840000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 10550000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 10960000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 10AE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 10B00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 10D40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 13990000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 13A50000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 13A70000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 13AB0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 13AD0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Memory allocated: 2610000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Memory allocated: 2DC0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Memory allocated: 27C0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 2630000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 2BA0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 4BA0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Memory allocated: 2A90000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Memory allocated: 2CF0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Memory allocated: 2AF0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 2630000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 2CA0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Memory allocated: 2670000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeWindow / User API: threadDelayed 2452Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeWindow / User API: threadDelayed 5612Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeWindow / User API: threadDelayed 1043
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeWindow / User API: threadDelayed 1713
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeWindow / User API: threadDelayed 5659
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeWindow / User API: threadDelayed 4050
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\SuWar3Tools\WebView2\runtimes\win-x86\native\WebView2Loader.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\SuWar3Tools\WebView2\Microsoft.Web.WebView2.Core.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\SuWar3Tools\WebView2\Microsoft.Web.WebView2.WinForms.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\SuWar3Tools\SuLibrary\SuLibrary.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1kjwnqt4\1kjwnqt4.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\zkeqnbkw\zkeqnbkw.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_9-129173
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeAPI coverage: 7.8 %
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe TID: 1784Thread sleep time: -54000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe TID: 5248Thread sleep time: -36900s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe TID: 4484Thread sleep time: -20291418481080494s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe TID: 6364Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe TID: 3792Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe TID: 2520Thread sleep time: -8301034833169293s >= -30000s
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe TID: 6208Thread sleep count: 1043 > 30
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe TID: 6208Thread sleep count: 1713 > 30
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe TID: 5884Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe TID: 6428Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe TID: 2968Thread sleep time: -34126476536362649s >= -30000s
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E9ABB0 GetCurrentProcess,FindFirstFileW,VirtualProtect,lstrcmpiW,lstrcmpiW,lstrcmpiW,CreateFileW,GetFileSize,GetLastError,ReadFile,AddFontMemResourceEx,GetLastError,GetLastError,CloseHandle,FindNextFileW,FindClose,9_2_04E9ABB0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E75880 GetSystemInfo,0_2_04E75880
Source: LisectAVT_2403002B_286.exeBinary or memory string: VMware
Source: LisectAVT_2403002B_286_Update.exe, 00000009.00000002.2756783639.00000000009CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}l
Source: LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2882953244.00000000083FB000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2866433365.000000000099F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\l
Source: LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2882953244.00000000083FB000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: \Device\MountPointManager00025VMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2866433365.000000000099F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}mb
Source: LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2882953244.00000000083FB000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}fb8b}`
Source: LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2882953244.00000000083FB000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: \Device\00000025en_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}fb8b}^
Source: LisectAVT_2403002B_286.exe, 0000000A.00000002.2830816575.00000000097A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}V
Source: LisectAVT_2403002B_286_Update.exe, 00000009.00000002.2756783639.00000000009CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\`
Source: LisectAVT_2403002B_286.exeBinary or memory string: ErrorUnknown ,Version=Culture=PublicKeyToken=ProcessorArchitecture=neutral0 ., - Virtual Machine Network Services DriverVMwareBluetoothWiFiWLan802.11%02X-%02X-%02X-%02X-%02X-%02XCreate Com failed.root\cimv2Can't Connect to WMI Service: HR: 0x%X, LastError: 0x%XWMI ACCESS_DENIEDset proxy failed|:InterfaceTypeUSBIndexManufacturerProductSerialNumberVersionWin32_BaseBoardNameSMBIOSBIOSVersionWin32_BIOSProcessorIdWin32_ProcessorModelWin32_DiskDriveWin32_PhysicalMedia%.4X
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeCode function: 0_2_04E8DB90 LdrLoadDll,0_2_04E8DB90
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04DDD230 GetCurrentThreadId,InterlockedCompareExchange,InterlockedExchange,InterlockedDecrement,ReleaseSemaphore,IsDebuggerPresent,RaiseException,9_2_04DDD230
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E90B90 GetTickCount,TlsAlloc,TlsAlloc,TlsAlloc,TlsAlloc,TlsAlloc,GetModuleHandleW,GetProcAddress,GetProcAddress,GetCurrentProcess,IsWow64Process,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,RtlAddVectoredExceptionHandler,VirtualAlloc,VirtualAlloc,ConvertStringSecurityDescriptorToSecurityDescriptorW,InitializeSecurityDescriptor,GetSecurityDescriptorSacl,InitializeSecurityDescriptor,SetSecurityDescriptorSacl,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,VirtualAlloc,GetSystemInfo,GetVersionExW,RtlUpcaseUnicodeChar,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,ConvertSidToStringSidW,LocalFree,FindCloseChangeNotification,RtlInitUnicodeString,GetProcessHeap,HeapAlloc,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FindResourceW,LoadResource,LockResource,SizeofResource,GetModuleHandleW,GetProcAddress,LoadLibraryW,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,GetComputerNameW,GetComputerNameW,GetLastError,GetProcessHeap,HeapReAlloc,GetComputerNameW,GetCurrentProcessId,RegOpenKeyW,RegOpenKeyW,RegCloseKey,
NtQueryKey,NtQueryKey,RegCloseKey,RegOpenKeyW,NtQueryKey,RegCloseKey,NtCreateKey,NtOpenKey,NtQueryKey,CloseHandle,NtQueryAttributesFile,FileTimeToSystemTime,GetModuleHandleW,GetProcAddress,NtQueryInformationFile,SetLastError,CreateActCtxW,GetLastError,ConvertStringSecurityDescriptorToSecurityDescriptorW,9_2_04E90B90
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E9CD00 VirtualAlloc,InterlockedCompareExchange,GetProcAddress,InterlockedCompareExchange,RtlAddVectoredExceptionHandler,9_2_04E9CD00
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeMemory allocated: page read and write | page guardJump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E764A0 ReadProcessMemory,CreateFileW,ReadFile,ReadFile,SetFilePointer,ReadFile,CloseHandle,NtQueryInformationProcess,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,VirtualProtectEx,VirtualProtectEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,VirtualAllocEx,MapViewOfFile,UnmapViewOfFile,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetCurrentProcess,DuplicateHandle,GetLastError,GetLastError,VirtualAllocEx,GetLastError,WriteProcessMemory,GetLastError,VirtualAllocEx,GetLastError,WriteProcessMemory,GetLastError,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetLastError,GetCurrentProcess,DuplicateHandle,GetLastError,lstrlenW,lstrlenW,VirtualAllocEx,lstrlenW,WriteProcessMemory,lstrlenW,VirtualAllocEx,lstrlenW,WriteProcessMemory,lstrlenW,VirtualAllocEx,lstrlenW,WriteProcessMemory,lstrlenW,VirtualAllocEx,lstrlenW,WriteProcessMemory,lstrlenW,VirtualAllocEx,lstrlenW,WriteProcessMemory,GetCurrentProcess,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,DuplicateHandle,CreateEventW,GetCurrentProcess,DuplicateHandle,NtQueryInformationProcess,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,VirtualProtectEx,VirtualProtectEx,WriteProcessMemory,VirtualProtectEx,GetCurrentThreadId,InterlockedCompareExchange,GetCurrentThreadId,InterlockedCompareExchange,GetCurrentThreadId,InterlockedCompareExchange,GetCurrentThreadId,InterlockedCompareExchange,GetCurrentThreadId,InterlockedCompareExchange,GetCurrentThreadId,InterlockedCompareExchange,GetCurrentThreadId,InterlockedCompareExchange,GetCurrentThreadId,InterlockedCompareExchange,VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,WaitForMultipleObjects,ResumeThread,9_2_04E764A0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess created: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe "C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe" "update" "LisectAVT_2403002B_286.exe"Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeProcess created: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe "C:\Users\user\Desktop\LisectAVT_2403002B_286.exe" "clear" "LisectAVT_2403002B_286_Update.exe"Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess created: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe "C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe" "update" "LisectAVT_2403002B_286.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeProcess created: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe "C:\Users\user\Desktop\LisectAVT_2403002B_286.exe" "clear" "LisectAVT_2403002B_286_Update.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.cmdline"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\zkeqnbkw\zkeqnbkw.cmdline"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1kjwnqt4\1kjwnqt4.cmdline"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3017.tmp" "c:\Users\user\AppData\Local\Temp\srv33q4h\CSCE64E61EBE53F4480B5C383A5A36CF7D1.TMP"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6262.tmp" "c:\Users\user\AppData\Local\Temp\zkeqnbkw\CSC5F800B2BAE9D475489BCBC699BC2FE5.TMP"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6D8E.tmp" "c:\Users\user\AppData\Local\Temp\1kjwnqt4\CSCF68404DF18AE46178AD88EB7B711C3F0.TMP"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E94BD0 GetCurrentProcessId,wsprintfW,ConvertStringSecurityDescriptorToSecurityDescriptorW,ConvertStringSecurityDescriptorToSecurityDescriptorW,CreateMutexW,LocalFree,GetModuleHandleW,GetProcAddress,ConvertStringSecurityDescriptorToSecurityDescriptorW,InitializeSecurityDescriptor,GetSecurityDescriptorSacl,InitializeSecurityDescriptor,SetSecurityDescriptorSacl,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,NtSetSecurityObject,NtSetSecurityObject,LocalFree,9_2_04E94BD0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,9_2_04E698C0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDateJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\WinSxS\Manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\WinSxS\Manifests\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-gb_0b85a8bb8c7e851a.manifest VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\WinSxS\Manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\WinSxS\Manifests\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-gb_0b85a8bb8c7e851a.manifest VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\WinSxS\Manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\WinSxS\Manifests\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-gb_0b85a8bb8c7e851a.manifest VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\WinSxS\Manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\WinSxS\Manifests\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-gb_0b85a8bb8c7e851a.manifest VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\WinSxS\Manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\WinSxS\Manifests\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-gb_0b85a8bb8c7e851a.manifest VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Windows\WinSxS\Manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Windows\WinSxS\Manifests\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-gb_0b85a8bb8c7e851a.manifest VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Users\user\AppData\Local\Temp\SuWar3Tools\WebView2\Microsoft.Web.WebView2.WinForms.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Users\user\AppData\Local\Temp\SuWar3Tools\WebView2\Microsoft.Web.WebView2.Core.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Users\user\AppData\Local\Temp\SuWar3Tools\SuLibrary\SuLibrary.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Code function: 0_2_00445F06 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00445F06
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exeCode function: 9_2_04E90B90 GetTickCount,TlsAlloc,TlsAlloc,TlsAlloc,TlsAlloc,TlsAlloc,GetModuleHandleW,GetProcAddress,GetProcAddress,GetCurrentProcess,IsWow64Process,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,RtlAddVectoredExceptionHandler,VirtualAlloc,VirtualAlloc,ConvertStringSecurityDescriptorToSecurityDescriptorW,InitializeSecurityDescriptor,GetSecurityDescriptorSacl,InitializeSecurityDescriptor,SetSecurityDescriptorSacl,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,VirtualAlloc,GetSystemInfo,GetVersionExW,RtlUpcaseUnicodeChar,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,ConvertSidToStringSidW,LocalFree,FindCloseChangeNotification,RtlInitUnicodeString,GetProcessHeap,HeapAlloc,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FindResourceW,LoadResource,LockResource,SizeofResource,GetModuleHandleW,GetProcAddress,LoadLibraryW,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,GetComputerNameW,GetComputerNameW,GetLastError,GetProcessHeap,HeapReAlloc,GetComputerNameW,GetCurrentProcessId,RegOpenKeyW,RegOpenKeyW,RegCloseKey,
NtQueryKey,NtQueryKey,RegCloseKey,RegOpenKeyW,NtQueryKey,RegCloseKey,NtCreateKey,NtOpenKey,NtQueryKey,CloseHandle,NtQueryAttributesFile,FileTimeToSystemTime,GetModuleHandleW,GetProcAddress,NtQueryInformationFile,SetLastError,CreateActCtxW,GetLastError,ConvertStringSecurityDescriptorToSecurityDescriptorW,9_2_04E90B90
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Code function: 9_2_04E8E010 BoxedAppSDK_IPC_RemoveListener,9_2_04E8E010
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Code function: 9_2_04E8F960 BoxedAppSDK_IPC_AddListenerA,9_2_04E8F960
Source: C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe Code function: 9_2_04E8F900 BoxedAppSDK_IPC_AddListenerW,9_2_04E8F900
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information1
Scripting
Valid Accounts2
Native API
1
Scripting
111
Process Injection
1
Masquerading
OS Credential Dumping1
System Time Discovery
Remote Services1
Archive Collected Data
11
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading
1
DLL Side-Loading
1
Modify Registry
LSASS Memory121
Security Software Discovery
Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Disable or Modify Tools
Security Account Manager1
Process Discovery
SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook31
Virtualization/Sandbox Evasion
NTDS31
Virtualization/Sandbox Evasion
Distributed Component Object ModelInput Capture13
Application Layer Protocol
Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script111
Process Injection
LSA Secrets1
Application Window Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Deobfuscate/Decode Files or Information
Cached Domain Credentials2
File and Directory Discovery
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items3
Obfuscated Files or Information
DCSync136
System Information Discovery
Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
Software Packing
Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
DLL Side-Loading
/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
File Deletion
Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
Behavior Graph ID: 1481863, Sample: LisectAVT_2403002B_286.exe, Startdate: 25/07/2024, Architecture: WINDOWS, Score: 69

Source | Detection | Scanner | Label | Link
LisectAVT_2403002B_286.exe | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe | 100% | Avira | HEUR/AGEN.1315051 |
C:\Users\user\Desktop\LisectAVT_2403002B_286.exe | 100% | Avira | HEUR/AGEN.1315051 |
C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe | 100% | Joe Sandbox ML | |
C:\Users\user\Desktop\LisectAVT_2403002B_286.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
No Antivirus matches
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://e.pcloud.link/publink/show?code=kZuPfnZPMNuop5GahSHaMcaSxbojp7AXIFX)LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://ajax.aspnetcdn.com/ajax/4.6/1/Date.HijriCalendar.jsTcsc.exe, 00000016.00000003.3124897434.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000002.3136111326.0000000005306000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3125692919.0000000005305000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124796351.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124298894.00000000052F9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000002.3268436314.0000000005146000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3255447999.0000000005144000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3254495460.000000000513C000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000002.3298644035.0000000004AE5000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3291293637.0000000004ADC000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3291521114.0000000004AE3000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjaxGlobalization.jsTcsc.exe, 00000016.00000003.3124897434.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000002.3136111326.0000000005306000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3125692919.0000000005305000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124796351.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124298894.00000000052F9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000002.3268304624.0000000005138000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3264153006.0000000005137000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3256602548.0000000005136000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3255850280.000000000512F000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3256347115.0000000005134000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000002.3298644035.0000000004AE5000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3291293637.0000000004ADC000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3291521114.0000000004AE3000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjaxWebForms.debug.jsTcsc.exe, 00000016.00000003.3124897434.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000002.3136111326.0000000005306000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3125692919.0000000005305000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124796351.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124298894.00000000052F9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000002.3268436314.0000000005146000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3255447999.0000000005144000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3254495460.000000000513C000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3282791615.0000000004AE9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3283855512.0000000004AF1000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3292581729.0000000004AF7000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3284044089.0000000004AF4000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://gitea.com/war3tools/war3tools/raw/branch/master/update.txtpLisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002BBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://eapi.pcloud.com/getapiserverLisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://ajax.aspnetcdn.com/ajax/4.6/1/Date.HijriCalendar.debug.jsTcsc.exe, 00000016.00000003.3124897434.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000002.3136111326.0000000005306000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3125692919.0000000005305000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124796351.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124298894.00000000052F9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000002.3268436314.0000000005146000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3255447999.0000000005144000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3254495460.000000000513C000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3282791615.0000000004AE9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3283855512.0000000004AF1000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3292581729.0000000004AF7000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3284044089.0000000004AF4000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://fundingchoicesmessages.google.com/i/%f[1].txt.0.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://gitea.com/war3tools/war3tools/raw/branch/master/update.txtLisectAVT_2403002B_286_Update.exe, 00000009.00000002.2760838359.0000000002E0E000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002C0D000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2869908564.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjaxComponentModel.debug.jsTcsc.exe, 00000016.00000003.3124897434.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000002.3136111326.0000000005306000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3125692919.0000000005305000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124796351.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124298894.00000000052F9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000002.3268436314.0000000005146000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3255447999.0000000005144000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3254495460.000000000513C000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3282791615.0000000004AE9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3283855512.0000000004AF1000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3292581729.0000000004AF7000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3284044089.0000000004AF4000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://codeberg.org/war3tools/war3tools/raw/branch/master/update.txtLisectAVT_2403002B_286_Update.exe, 00000009.00000002.2760838359.0000000002E0E000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002C0D000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2869908564.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://dev.azure.com/war3tools/9b91b8fa-37b4-449c-8b69-5f281377e2fb/_apis/git/repositories/5bda583cLisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2869908564.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://gitlab.com/war3tools/war3tools.gitlab.io/-/raw/main/public/images/SuWar3Tools.pngLisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://war3tools.suyx.netLisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://cdn.ampproject.org/amp4ads-host-v0.jsLisectAVT_2403002B_286.exe, 00000000.00000003.2673483757.0000000013F2C000.00000004.00000020.00020000.00000000.sdmp, f[1].txt.0.drfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://sourceforge.net/projects/war3tools/files/LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjaxTimer.jsTcsc.exe, 00000016.00000003.3124897434.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000002.3136111326.0000000005306000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3125692919.0000000005305000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124796351.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124298894.00000000052F9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000002.3268436314.0000000005146000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3255447999.0000000005144000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3254495460.000000000513C000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000002.3298644035.0000000004AE5000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3291293637.0000000004ADC000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3291521114.0000000004AE3000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjaxApplicationServices.debug.jsTcsc.exe, 00000016.00000003.3124897434.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000002.3136111326.0000000005306000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3125692919.0000000005305000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124796351.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124298894.00000000052F9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000002.3268436314.0000000005146000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3255447999.0000000005144000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3254495460.000000000513C000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3282791615.0000000004AE9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3283855512.0000000004AF1000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3292581729.0000000004AF7000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3284044089.0000000004AF4000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameLisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002C50000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002BBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjaxNetwork.jsTcsc.exe, 00000016.00000003.3124897434.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000002.3136111326.0000000005306000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3125692919.0000000005305000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124796351.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124298894.00000000052F9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000002.3268436314.0000000005146000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3255447999.0000000005144000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3254495460.000000000513C000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000002.3298644035.0000000004AE5000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3291293637.0000000004ADC000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3291521114.0000000004AE3000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://www.google.com/adsenseLisectAVT_2403002B_286.exe, 00000000.00000003.2633122649.000000000A1FE000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2671937255.000000000A258000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2671670121.000000000A205000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2671207941.0000000013F37000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://bitbucket.org/LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2869908564.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://war3tools.github.io/update.txtpLisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002DD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://drive.internxt.com/sh/folder/79ed1b38-26b8-4cbc-818e-5687b072eb1f/c0c84fdce9486632690de15d1eLisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://master.dl.sourceforge.net/project/war3tools/SuWar3Tools.zip?viasf=1LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://gitea.com/war3tools/war3tools/raw/branch/master/README.mdlBcqLisectAVT_2403002B_286_Update.exe, 00000009.00000002.2760838359.0000000002E0E000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2869908564.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://www.megadisk.net/cloud11/index.php/s/Yvt5smhuda8vxAn)LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjaxTimer.debug.jsTcsc.exe, 00000016.00000003.3124897434.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000002.3136111326.0000000005306000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3125692919.0000000005305000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124796351.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124298894.00000000052F9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000002.3268436314.0000000005146000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3255447999.0000000005144000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3254495460.000000000513C000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3282791615.0000000004AE9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3283855512.0000000004AF1000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3292581729.0000000004AF7000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3284044089.0000000004AF4000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://adsense.com.HLisectAVT_2403002B_286.exe, 00000000.00000003.2603215891.000000001387F000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2608253242.0000000013880000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2607708668.000000001387F000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://nim-nosdn.netease.im/MjYxNDkzNzE=/bmltYV8yMjI3ODcyNTc0NTBfMTcxNzU3NjMyMTQzNV9iM2Q4ZmJjZC02ZjLisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FEE000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://mathiasbynens.be/f[1].txt.0.drfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://nim-nosdn.netease.imLisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FEE000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://www.google.com/adsense/search/async-ads.jsLisectAVT_2403002B_286.exe, 00000000.00000003.2673483757.0000000013F87000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2633370663.0000000013EF6000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2633547622.0000000013EF8000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 00000000.00000003.2654589142.00000000139B6000.00000004.00000800.00020000.00000000.sdmp, f[1].txt.0.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://127.0.0.1:LisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 00000009.00000002.2760838359.0000000002E0E000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2869908564.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://war3tools.gitlab.io/README.mdLisectAVT_2403002B_286_Update.exe, 00000009.00000002.2760838359.0000000002E0E000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002C0D000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2869908564.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://www.google.com/adsense3LisectAVT_2403002B_286.exe, 00000000.00000003.2654589142.00000000139B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://raw.githubusercontent.comLisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://.cdn.ampproject.netorgALisectAVT_2403002B_286.exe, 00000000.00000003.2609031626.0000000010713000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://ajax.aspnetcdn.com/ajax/4.6/1/Date.UmAlQuraCalendar.debug.jsTcsc.exe, 00000016.00000003.3124897434.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000002.3136111326.0000000005306000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3125692919.0000000005305000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124796351.0000000005301000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3124298894.00000000052F9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000002.3268436314.0000000005146000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3255447999.0000000005144000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3254495460.000000000513C000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3282791615.0000000004AE9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3283855512.0000000004AF1000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3292581729.0000000004AF7000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3284044089.0000000004AF4000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjaxCore.jsTcsc.exe, 00000016.00000002.3134952936.00000000052C8000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000002.3267235462.0000000005108000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000002.3297447721.0000000004AB8000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://nim-nosdn.netease.im/MjYxNDkzNzE=/bmltYV8yMjI3ODcyNTc0NTBfMTcxMjgxMTU3ODE4MV8xNDIwNjM4Zi0xZjLisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002FBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://googleads.g.doubleclick.netf[1].txt.0.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://war3tools.gitlab.io/update.txtLisectAVT_2403002B_286_Update.exe, 00000009.00000002.2760838359.0000000002E0E000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286.exe, 0000000A.00000002.2811483163.0000000002C0D000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002B_286_Update.exe, 0000000B.00000002.2869908564.0000000002D3E000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://e.lengthLisectAVT_2403002B_286.exe, 00000000.00000003.2673165753.0000000013FA0000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://eapi.pcloud.com/getapiserverapihttps:///getpublinkdownload?fileid=fileid&hashCache=hash&codeLisectAVT_2403002B_286.exe, 00000000.00000002.2704547420.0000000002DD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjax.jsTcsc.exe, 00000016.00000003.3125138951.00000000052ED000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3125791799.00000000052F4000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3125381458.00000000052F1000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000003.3130968893.00000000052F5000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000016.00000002.3135656929.00000000052F6000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000002.3268304624.0000000005138000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3264153006.0000000005137000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3256602548.0000000005136000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3255850280.000000000512F000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000019.00000003.3256347115.0000000005134000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000002.3298644035.0000000004AE5000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3291293637.0000000004ADC000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000001C.00000003.3291521114.0000000004AE3000.00000004.00000020.00020000.00000000.sdmpfalse
                                    IP | Domain | Country | ASN | ASN Name | Malicious
                                    216.105.38.12 | master.dl.sourceforge.net | United States | 6130 | AIS-WESTUS | false
                                    13.107.42.20 | dev.azure.com | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
                                    35.185.44.232 | war3tools.gitlab.io | United States | 15169 | GOOGLEUS | false
                                    185.199.108.153 | war3tools.github.io | Netherlands | 54113 | FASTLYUS | false
                                    172.217.16.194 | googleads.g.doubleclick.net | United States | 15169 | GOOGLEUS | false
                                    18.166.250.135 | gitea.com | United States | 16509 | AMAZON-02US | false
                                    140.82.121.4 | github.com | United States | 36459 | GITHUBUS | false
                                    148.153.35.66 | i.w.bilicdn1.com | United States | 63199 | CDSC-AS1US | false
                                    185.199.110.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false
                                    163.181.92.223 | nim-nosdn.netease.im.w.kunluncan.com | United States | 24429 | TAOBAOZhejiangTaobaoNetworkCoLtdCN | false
                                    217.197.91.145 | codeberg.org | Germany | 29670 | IN-BERLIN-ASIndividualNetworkBerlineVDE | false
                                    Joe Sandbox version: 40.0.0 Tourmaline
                                    Analysis ID: 1481863
                                    Start date and time: 2024-07-25 15:15:35 +02:00
                                    Joe Sandbox product: CloudBasic
                                    Overall analysis duration: 0h 11m 23s
                                    Hypervisor based Inspection enabled: false
                                    Report type: full
                                    Cookbook file name: default.jbs
                                    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed: 32
                                    Number of new started drivers analysed: 0
                                    Number of existing processes analysed: 0
                                    Number of existing drivers analysed: 0
                                    Number of injected processes analysed: 0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode: default
                                    Analysis stop reason: Timeout
                                    Sample name: LisectAVT_2403002B_286.exe
                                    Detection: MAL
                                    Classification: mal69.expl.evad.winEXE@24/35@25/11
                                    EGA Information:
                                    • Successful, ratio: 100%
                                    HCA Information:
                                    • Successful, ratio: 80%
                                    • Number of executed functions: 453
                                    • Number of non-executed functions: 53
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, msedgewebview2.exe, svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 20.190.159.68, 20.190.159.4, 40.126.31.71, 20.190.159.73, 20.190.159.71, 20.190.159.0, 20.190.159.75, 40.126.31.67, 142.250.185.194, 13.107.42.16, 142.250.184.226, 20.56.187.20, 20.191.45.158
                                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, prdv4a.aadg.msidentity.com, nav-edge.smartscreen.microsoft.com, fs.microsoft.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, data-edge.smartscreen.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, pagead2.googlesyndication.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, tm-prod-wd-csp-edge.trafficmanager.net, ocsp.digicert.com, login.live.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, prod-agic-we-3.westeurope.cloudapp.azure.com, l-0007.l-msedge.net, config.edge.skype.com, prod-agic-ne-1.northeurope.cloudapp.azure.com, www.tm.lg.prod.aadmsa.trafficmanager.net
                                    • Not all processes were analyzed, report is missing behavior information
                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtOpenFile calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                    • VT rate limit hit for: LisectAVT_2403002B_286.exe
                                    Time | Type | Description
                                    09:16:57 | API Interceptor | 981757x Sleep call for process: LisectAVT_2403002B_286.exe modified
                                      master.dl.sourceforge.netPeaceSetup.exeGet hashmaliciousUnknownBrowse
                                      • 216.105.38.12
                                      Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                      AIS-WESTUSQRE3h2SSev.elfGet hashmaliciousMirai, GafgytBrowse
                                      • 173.213.255.227
                                      https://sourceforge.net/projects/docfetcher/files/docfetcher/1.1.25/docfetcher_1.1.25_win32_setup.exe/downloadGet hashmaliciousUnknownBrowse
                                      • 204.68.111.105
                                      https://winscp.net/eng/download.phpGet hashmaliciousUnknownBrowse
                                      • 216.105.38.9
                                      https://survey.nationalopinioninstitute.com/hP7nkGet hashmaliciousUnknownBrowse
                                      • 67.207.214.123
                                      MDE_File_Sample_0e9d1c53bfb8f43b777a5c0e25f0a850e1a521b3.zipGet hashmaliciousUnknownBrowse
                                      • 204.68.111.105
                                      fQJ7EENUSV.elfGet hashmaliciousMiraiBrowse
                                      • 173.213.244.46
                                      https://bestandssm.xyz/product_details/3974767.htmlGet hashmaliciousUnknownBrowse
                                      • 67.207.212.195
                                      Kqm2EouJ6h.elfGet hashmaliciousMiraiBrowse
                                      • 209.59.60.117
                                      iojdGF3xsj.elfGet hashmaliciousMiraiBrowse
                                      • 173.213.255.210
                                      http://downloads.sourceforge.net/project/antinat/antinat/0.80/antinat.exe?r=http://downloads.sourceforge.net%5C%5Cu0026ts=gAAAAABkZuiIhoazbWL92yvXzZfWPjIb3SxTRRBpH08osl0Ud-g8e-YuAxCnFkvJl0mia8g-oUDq3KZG7WEmAsgFTRcfmQseng==%5C%5Cu0026use_mirror=gigenetGet hashmaliciousUnknownBrowse
                                      • 216.105.38.9
                                      MICROSOFT-CORP-MSN-AS-BLOCKUSRe_ Q22689 - 07.24.2024_Conduit Construction Network Ltd_Today.emlGet hashmaliciousUnknownBrowse
                                      • 204.79.197.203
                                      LisectAVT_2403002B_311.exeGet hashmaliciousXRedBrowse
                                      • 13.107.246.45
                                      LisectAVT_2403002B_318.exeGet hashmaliciousXRedBrowse
                                      • 13.107.246.60
                                      LisectAVT_2403002B_327.exeGet hashmaliciousXRedBrowse
                                      • 13.107.246.42
                                      LisectAVT_2403002B_343.exeGet hashmaliciousXRedBrowse
                                      • 13.107.246.60
                                      LisectAVT_2403002B_359.exeGet hashmaliciousUnknownBrowse
                                      • 13.107.246.60
                                      LisectAVT_2403002B_360.exeGet hashmaliciousUnknownBrowse
                                      • 204.79.197.239
                                      https://www.bing.com/search?pglt=163&q=bosphorus+speisekarte&cvid=3b61922a022645c18ea2d78b42ef8c11&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIGCAEQABhAMgYIAhAAGEDSAQg0NjQ3ajBqMagCCLACAQ&FORM=ANNTA1&PC=U531Get hashmaliciousUnknownBrowse
                                      • 150.171.29.10
                                      http://www.cabrerallamas.com/Get hashmaliciousUnknownBrowse
                                      • 13.107.246.42
                                      phish_alert_sp2_2.0.0.0(4).emlGet hashmaliciousHTMLPhisherBrowse
                                      • 204.79.197.203
                                      AMAZON-02USLisectAVT_2403002B_290.exeGet hashmaliciousBdaejecBrowse
                                      • 18.141.10.107
                                      Re_ Q22689 - 07.24.2024_Conduit Construction Network Ltd_Today.emlGet hashmaliciousUnknownBrowse
                                      • 34.252.40.201
                                      LETTER.pdfGet hashmaliciousUnknownBrowse
                                      • 18.239.83.16
                                      http://www.cabrerallamas.com/Get hashmaliciousUnknownBrowse
                                      • 18.158.75.66
                                      http://ads.livetv799.meGet hashmaliciousUnknownBrowse
                                      • 108.156.64.41
                                      phish_alert_sp2_2.0.0.0(4).emlGet hashmaliciousHTMLPhisherBrowse
                                      • 18.245.86.89
                                      LisectAVT_2403002B_404.dllGet hashmaliciousRamnitBrowse
                                      • 18.239.83.98
                                      phish_alert_sp2_2.0.0.0 (27).emlGet hashmaliciousHTMLPhisherBrowse
                                      • 18.239.18.33
                                      LisectAVT_2403002B_412.exeGet hashmaliciousFormBookBrowse
                                      • 18.163.247.76
                                      Ewhite Replay VM .docxGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                      • 13.227.219.97
                                      FASTLYUSRe_ Q22689 - 07.24.2024_Conduit Construction Network Ltd_Today.emlGet hashmaliciousUnknownBrowse
                                      • 151.101.129.181
                                      http://tamu.perksconnect.comGet hashmaliciousUnknownBrowse
                                      • 151.101.129.229
                                      https://pub-25902d32074b459eb837a12ad320b79e.r2.dev/index.html#gusquast@bitel.netGet hashmaliciousHTMLPhisherBrowse
                                      • 151.101.194.137
                                      Ewhite Replay VM .docxGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                      • 151.101.2.137
                                      LisectAVT_2403002B_428.exeGet hashmaliciousCoinhive, Ramnit, XmrigBrowse
                                      • 151.101.66.137
                                      LisectAVT_2403002B_484.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                      • 185.199.111.133
                                      LisectAVT_2403002B_484.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                      • 185.199.108.133
                                      LisectAVT_2403002C_110.dllGet hashmaliciousRamnitBrowse
                                      • 151.101.130.137
                                      LisectAVT_2403002C_110.dllGet hashmaliciousRamnitBrowse
                                      • 151.101.130.137
                                      LisectAVT_2403002C_123.exeGet hashmaliciousBdaejec, DarkbotBrowse
                                      • 151.101.194.137
                                      Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                      3b5074b1b5d032e5620f69f9f700ff0eLisectAVT_2403002B_321.exeGet hashmaliciousUnknownBrowse
                                      LisectAVT_2403002B_323.exeGet hashmaliciousUnknownBrowse
                                      LisectAVT_2403002B_321.exeGet hashmaliciousUnknownBrowse
                                      LisectAVT_2403002B_359.exeGet hashmaliciousUnknownBrowse
                                      LisectAVT_2403002B_385.exeGet hashmaliciousAgentTesla, BdaejecBrowse
                                      LisectAVT_2403002B_390.exeGet hashmaliciousAgentTesla, BdaejecBrowse
                                      DEBIT NOTE.exeGet hashmaliciousAgentTeslaBrowse
                                      LisectAVT_2403002B_395.exeGet hashmaliciousUnknownBrowse
                                      httP://151.28.168.184.host.secureserver.net/documento=24/07/2024/U04cVk3Ovkp..VkcI/6VnUVdvU8k1Oz8c2H4/maud.gaume@gmail.com-282072__;!!P3IToRM6tg!mhHYI3NP1FN47238PV4Ejpyi3ZOkGxwJydSJnD9HyjmCKYq9ZCB_iRj7Oz_yw96WdDsvl9wksR7V4C9z2rZDtUTV_FwEQ6ffgUAMko4$Get hashmaliciousUnknownBrowse
                                      LisectAVT_2403002B_4.exeGet hashmaliciousAsyncRAT, Neshta, StormKitty, WorldWind StealerBrowse
                                      37f463bf4616ecd445d4a1937da06e19LisectAVT_2403002B_272.exeGet hashmaliciousPureLog Stealer, VidarBrowse
                                      • 35.185.44.232
                                      LisectAVT_2403002B_295.exeGet hashmaliciousUnknownBrowse
                                      • 35.185.44.232
                                      LisectAVT_2403002B_295.exeGet hashmaliciousUnknownBrowse
                                      • 35.185.44.232
                                      LisectAVT_2403002B_311.exeGet hashmaliciousXRedBrowse
                                      • 35.185.44.232
                                      LisectAVT_2403002B_318.exeGet hashmaliciousXRedBrowse
                                      • 35.185.44.232
                                      LisectAVT_2403002B_327.exeGet hashmaliciousXRedBrowse
                                      • 35.185.44.232
                                      LisectAVT_2403002B_331.exeGet hashmaliciousUnknownBrowse
                                      • 35.185.44.232
                                      LisectAVT_2403002B_343.exeGet hashmaliciousXRedBrowse
                                      • 35.185.44.232
                                      LisectAVT_2403002B_344.exeGet hashmaliciousBdaejec, VidarBrowse
                                      • 35.185.44.232
                                      LisectAVT_2403002B_356.exeGet hashmaliciousUnknownBrowse
                                      • 35.185.44.232
                                      No context
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2124
                                      Entropy (8bit):5.354836459581629
                                      Encrypted:false
                                      SSDEEP:48:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HKHKMRmHKU57UiHZH1HxHK9HKs:Pq5qHwCYqh3oPtI6eqzxqqMRmqU57Uim
                                      MD5:02DFBEF05C485C265F36615D30B2D849
                                      SHA1:E2FBE7962DC294E6C7099CB8E00F4BC1C4E3C07C
                                      SHA-256:11D5B0D32644193B5524464D5DF500901D94C2F1A65F258D205299759E1FE1C5
                                      SHA-512:2F10DAACE3BE96997D9E95644BACBC5230CF02FEC10C506C531B0C199329DA004579E44278C003EB569BE4BF68F51FEFDFF4CE6BD171E54584377854B5B3AF88
                                      Malicious:true
                                      Reputation:low
                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):410
                                      Entropy (8bit):5.361827289088002
                                      Encrypted:false
                                      SSDEEP:12:Q3La/hhkvoDLI4MWuCqDLI4MWuPTAq1KDLI4M6:MLUE4K5E4KH1qE4j
                                      MD5:64A2247B3C640AB3571D192DF2079FCF
                                      SHA1:A17AFDABC1A16A20A733D1FDC5DA116657AAB561
                                      SHA-256:87239BAD85A89EB90322C658DFD589B40229E57F05B181357FF834FCBABCB7E2
                                      SHA-512:CF71FE05075C7CAE036BD1B7192B8571C6F97A32209293B54FAEC79BAE0B6C3369946B277CE2E1F0BF455BF60FA0E8BB890E7E9AAE9137C79AB44C9C3D406D35
                                      Malicious:false
                                      Reputation:moderate, very likely benign file
                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:ASCII text, with no line terminators
                                      Category:dropped
                                      Size (bytes):13
                                      Entropy (8bit):2.469670487371862
                                      Encrypted:false
                                      SSDEEP:3:D90aKb:JFKb
                                      MD5:C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
                                      SHA1:35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
                                      SHA-256:B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
                                      SHA-512:6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
                                      Malicious:false
                                      Preview:<root></root>
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:ASCII text, with very long lines (1913)
                                      Category:dropped
                                      Size (bytes):504801
                                      Entropy (8bit):5.566026845169729
                                      Encrypted:false
                                      SSDEEP:6144:fDYp/aDtk3u1lqItor3jHJ32KyqhfSjHO3SVwOu5C1Tnyl2mm:fnD31lqItor3FmPqh6jHOiVwOudzm
                                      MD5:FD18E3F0754CCC63F87546C040F4F623
                                      SHA1:BB09F80EC02C22C3015C44B90EEBACF989F1950E
                                      SHA-256:1D87A150B56139B547124B32DA191882709D1CE8EB8666C336E625B5530C23C0
                                      SHA-512:B17E258B0849CFFF7EB370BD026FEC546C5372F6F7EC453D74EA3D195A2A3A368B042C0453D28906BD892CE72C35AEDD40BA5823892E0085E1670F504797FAE8
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:ASCII text, with very long lines (3450)
                                      Category:dropped
                                      Size (bytes):191874
                                      Entropy (8bit):5.56835387113054
                                      Encrypted:false
                                      SSDEEP:1536:L1EzIIhaccMoFNFfc0UL1CTVmkIpH40D/6A1slHiGIf5uLtf9ZN4X7lmWCOWza99:2vcWlV3i9iLou7lGzWpPvgRn9QM4
                                      MD5:8F54559915B96B095977583C3350AD85
                                      SHA1:9071C108D9E91D704FBBE20DA62E508C7E549B8E
                                      SHA-256:4B44672BD0798139FCEC7A6AAA688102B06530430A54A6492F5216D85534A4B6
                                      SHA-512:CFA462564A1C3BE928653F8E6F8661CD1865A4DC3F5529EAD2E754CD4F8B29EAAFBA2894F3E7A02D77B2A0B97041A6F2FA35A55BE566052764071804AD1B31A7
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                      Category:dropped
                                      Size (bytes):4041269
                                      Entropy (8bit):7.998814477689635
                                      Encrypted:true
                                      SSDEEP:98304:MGg4C5HvfQ1BpKuDEE7e6y0cmhVRgfrSH1bpMjaKm3hvr:MGg4cgBpvYE7Fgj/aKmhz
                                      MD5:8BB2586F9577A9D12A4D93478367F06E
                                      SHA1:ABF8D1EE99D631901E823F030F82E28D01FC4DC8
                                      SHA-256:91DEB530D2B0D3E8458D6E93D86E1522DC9E4EBFA805C21A38E96FC14622E15D
                                      SHA-512:338F0B19DDD2463D9DD9B168167421EA496030072F8E50EF2EF6050B7549C357495602373C79BC436276BA7F1B3DA1B1FB931E456BD9523962CF99C0CD9FC148
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:HTML document, Unicode text, UTF-8 (with BOM) text
                                      Category:dropped
                                      Size (bytes):1888
                                      Entropy (8bit):5.6052549272408845
                                      Encrypted:false
                                      SSDEEP:48:zcx8Ep+o637Yd9Jtio5n+tISjxRbbN+f79W6T:zcx8Ekow89R+BbbpoF
                                      MD5:63E9D035971EE95334174931F05B4C40
                                      SHA1:5F9CDC7EF00DCF893AD5441C0B8C7A4A7D3DD044
                                      SHA-256:A1A4B2AEC484A93BA52FF2D4C2684185F94E416A5556AD49B81F4A4FC690F252
                                      SHA-512:78AB7168F617179C69C93A9188122274F4E7A85E8F305C31ACF7DFEE35B92931AA2B288B613470C416693DC62E257B43174E703349AC89CE1AA8F00BB90DA533
                                      Malicious:false
                                      Preview:.<!DOCTYPE html>.<head>. <title>....3..SuWar3Tools</title>. <meta charset="UTF-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">. <meta name="description" content="....3..SuWar3Tools">. <meta name="keywords" content="....3..SuWar3Tools,....,Warcraft III,war3,wc3,SuWar3Tools,..,..,..,..">. <meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0">. <style>. body {. background: #ffffff;. margin: 0px;. }. .headerad {. text-decoration: none;. position: relative;. }. .headerad:before {. background: linear-gradient(to left bottom, hsl(99, 100%, 85%) 0%,hsl(226, 100%, 85%) 100%);. content: '\9b54\517d\4e89\9738\0033\6539\952e\0053\0075\0057\0061\0072\0033\0054\006f\006f\006c\0073\ahttps://war3tools.gitlab.io';. white-space: pre;. display: flex;. justify-content: center;. align-items: center;. height: 100%;.
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF, LF line terminators
                                      Category:dropped
                                      Size (bytes):18514
                                      Entropy (8bit):4.31841024179425
                                      Encrypted:false
                                      SSDEEP:192:iuNWs4b6fYymynjFmZP/G3wZ8PK8P5TXXUFaJXV3feaK0K3jh1aK053MLY/t:iuMsYAuNG3OeKelXUgXlfU3m31t
                                      MD5:3E3AD712B18F4BF1494DD5A39204F477
                                      SHA1:F2F5362F2393FC6B4B2360B7B5FECD88C002D71E
                                      SHA-256:52F8717C77C5D5C72366DB9085E22E5A7E2BA702115EBD0FF861913179DB6401
                                      SHA-512:B873F6ED382BCD2A912736C120E251B271BF5F2948C5AA320FF063A3B4B67114C5C3CC566766C1F5970B40334842BC8B1173DB3DD782A454B36C133293A77D5C
                                      Malicious:false
                                      Preview:.using System;.using System.Collections;.using System.Collections.Generic;.using System.IO;.using System.IO.Compression;.using System.Linq;.using System.Net;.using System.Net.Http;.using System.Net.Http.Headers;.using System.Text;.using System.Threading.Tasks;.using System.Web.Script.Serialization;.namespace MyCompiler_NameSpace {.public class MyCompiler_Class {.static MyCompiler_Class().. {.. //...................: .... SSL/TLS ....... System.Net.ServicePointManager.Expect100Continue = true;.. System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12 | System.Net.SecurityProtocolType.Tls11 | System.Net.SecurityProtocolType.Tls;.. System.Net.ServicePointManager.ServerCertificateValidationCallback = (sender1, certificate, chain, errors) => true;.. }.public object GetMyObject(Dictionary<string, string> dics).{.var url =
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (334), with no line terminators
                                      Category:dropped
                                      Size (bytes):337
                                      Entropy (8bit):5.160973866204088
                                      Encrypted:false
                                      SSDEEP:6:pAu+HIWdyrL/6KewqWVAVMZO/AuA5LXxZ923fjH8OHAzxszI923fjH8OHLGAn:p3xrL/6KeqAmZO/Au0Txecw5
                                      MD5:1A66DD7154FB612CAC187E119424ABFC
                                      SHA1:24CF861EC096DF375F55C0BD45126CCF77F7C945
                                      SHA-256:D2D466D128C62C1A6D04B5578C1B190701752DD84CF32F900658A1CBC39D7F8C
                                      SHA-512:D9A62B04D8245146069C7F8EA46C7BB85C4F8D8FF42477854CB766BBFDDA900C81042A7DAFDB2F3F8AF7CFD9D55D2BF3F072554C101B243AE16DA14B615D5960
                                      Malicious:false
                                      Preview:./t:library /utf8output /R:"mscorlib.dll" /R:"System.dll" /R:"System.Core.dll" /R:"System.IO.Compression.dll" /R:"Microsoft.CSharp.dll" /R:"System.Net.Http.dll" /R:"System.Web.Extensions.dll" /out:"C:\Users\user\AppData\Local\Temp\1kjwnqt4\1kjwnqt4.dll" /debug- /optimize+ "C:\Users\user\AppData\Local\Temp\1kjwnqt4\1kjwnqt4.0.cs"
                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):23552
                                      Entropy (8bit):5.4822279068317705
                                      Encrypted:false
                                      SSDEEP:384:33y8ZtEjWHpweuj2HCd+XrYGefz8CIIhZpmG+tc+6gcE42ae1:3i8ZtEOmjxdAaz8CbLKY2ae1
                                      MD5:31AFAC6E3780E370DFBA935E335765C3
                                      SHA1:8D1A84D6DFF2ED3C41672AEC419A156CA8CD4D56
                                      SHA-256:6AF00A10F2CCA6BB66E891ADEA0BFE74C9E6549C180F59C44CC9685D78EA0F1C
                                      SHA-512:A62A4BA85854647135787C04D801CCDF4BF7DFBFF54E8AD7FE662499C96CFCD298113AAF81F6AB290EF4D7B8EBBCCC78A984DA918968AFBCF6FCFD8D009C7592
                                      Malicious:true
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (415), with CRLF, CR line terminators
                                      Category:modified
                                      Size (bytes):836
                                      Entropy (8bit):5.292196234362425
                                      Encrypted:false
                                      SSDEEP:24:KMoqddj6KeSZO/A3ed8Kax5DqBVKVrdFAMBJTH:dosj6dSZmA3ed8K2DcVKdBJj
                                      MD5:DC9EC473B3F14ED12E77D4377D039057
                                      SHA1:70554B44719DB4E1E0B8270B4A360C3C45E9C19F
                                      SHA-256:CC2CCC10E0A842FB25EDFBDEA56631E17FA250AC7993BDA8460EA1A6A8C2242F
                                      SHA-512:489C7EDF58A69FB058009E7EEDB7904D56C5345D25A6408B9EA2C7DE116DA8C5CE6411B866A553B1957B3521ECDDA0B9225532758B47DCFE6474D719867B8563
                                      Malicious:false
                                      Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /t:library /utf8output /R:"mscorlib.dll" /R:"System.dll" /R:"System.Core.dll" /R:"System.IO.Compression.dll" /R:"Microsoft.CSharp.dll" /R:"System.Net.Http.dll" /R:"System.Web.Extensions.dll" /out:"C:\Users\user\AppData\Local\Temp\1kjwnqt4\1kjwnqt4.dll" /debug- /optimize+ "C:\Users\user\AppData\Local\Temp\1kjwnqt4\1kjwnqt4.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                      File Type:MSVC .res
                                      Category:dropped
                                      Size (bytes):652
                                      Entropy (8bit):3.1209049775152384
                                      Encrypted:false
                                      SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryuak7YnqqMPN5Dlq5J:+RI+ycuZhNwakSMPNnqX
                                      MD5:0D11A6876D6D879572BE150B5DD21C73
                                      SHA1:CED563DDA5393C5EF1D3CAA4EF138CBC575323F2
                                      SHA-256:8E496B809F7E3D2B4903CE734B205568B28131D4D42CC71BFA0FFCD166FBC78F
                                      SHA-512:7F8F01405458298AF8ADF9DC9C4B39BC47956A30DDCD347959CB4FF602DE31575F6C9331D15A97A39D46888C7BBB09EA341D5F15580B57F28A9AA340DDAF9486
                                      Malicious:false
                                      Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...1.k.j.w.n.q.t.4...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...1.k.j.w.n.q.t.4...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...
                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                      File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols, created Thu Jul 25 15:15:33 2024, 1st section name ".debug$S"
                                      Category:dropped
                                      Size (bytes):1336
                                      Entropy (8bit):3.9785116482320926
                                      Encrypted:false
                                      SSDEEP:24:H+6m9pvHPwZHqwKTFexmfwI+ycuZhNtYakS6NPNnqSSd:etvvwZhKTAxmo1ultYa36XqSC
                                      MD5:BDE441FE89D8F02D7718AD9DB9059BF1
                                      SHA1:79315C05FA63F9E6CADDB6389545A8753D926F57
                                      SHA-256:41C60B6B255F001F0DA244EF38520A795AA50B71DD8649FF5AB23395B98F3DA6
                                      SHA-512:12921CB2BF765AA02E7A79F94F64F8141578BADFF11DAD027DF434B6D280AD29D47CEF488C9BAC5E39DA9643377A9BF279A12FEC625FCC76B4829863B0F552E8
                                      Malicious:false
                                      Preview:L....l.f.............debug$S........T...................@..B.rsrc$01........X.......8...........@..@.rsrc$02........P...B...............@..@........U....c:\Users\user\AppData\Local\Temp\srv33q4h\CSCE64E61EBE53F4480B5C383A5A36CF7D1.TMP..................\.....9.4(l}11%...........5.......C:\Users\user\AppData\Local\Temp\RES3017.tmp.-.<....................a..Microsoft (R) CVTRES.].=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe.................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...s.r.v.3.3.q.4.h...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.
                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                      File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols, created Thu Jul 25 15:15:46 2024, 1st section name ".debug$S"
                                      Category:dropped
                                      Size (bytes):1332
                                      Entropy (8bit):4.014149369692774
                                      Encrypted:false
                                      SSDEEP:24:HyzW9164tHhwKTFexmfwI+ycuZhN85GakSv5XPNnqS2d:E6qKTAxmo1ul8Ea3vrqSG
                                      MD5:6DBCB91638BE2E5EE9C7006504C06C7D
                                      SHA1:9A607211847D3D1925B91AC9BC8629B921248710
                                      SHA-256:85CE4257B86C17189D5EB023FF72808C2895A64A2567AD4551447C39BFE02411
                                      SHA-512:369A7C3A27443C3E9FF4EA9A0B8E008E314D7DE32512E0761139FDF3BA2AAD5B4BF6A3473904F6962B54E562B32620929CD32D20B2859718E6DEF7710B51D3A2
                                      Malicious:false
                                      Preview:L..."l.f.............debug$S........P...................@..B.rsrc$01........X.......4...........@..@.rsrc$02........P...>...............@..@........T....c:\Users\user\AppData\Local\Temp\zkeqnbkw\CSC5F800B2BAE9D475489BCBC699BC2FE5.TMP.......................N.W..{...........5.......C:\Users\user\AppData\Local\Temp\RES6262.tmp.-.<....................a..Microsoft (R) CVTRES.].=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe.................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...z.k.e.q.n.b.k.w...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.
                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                      File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols, created Thu Jul 25 15:15:49 2024, 1st section name ".debug$S"
                                      Category:dropped
                                      Size (bytes):1336
                                      Entropy (8bit):3.983534927270386
                                      Encrypted:false
                                      SSDEEP:24:H/m9pKLXdH4wKTFexmfwI+ycuZhNwakSMPNnqSSd:qWNnKTAxmo1ulwa3cqSC
                                      MD5:1B4C1A05AD3653789DDDBB87A9FE60ED
                                      SHA1:57837FF4CB3E01B93151D1680FB680A6DF9623BF
                                      SHA-256:43E002DE0CDF74738443C7063FE519F811A1F506307CFFFA3C52CB43A442AD86
                                      SHA-512:6A4ACC8EAEEF69C6530D6752641E55F353C06F6BE3F41F0EC8E6444FC98E6EA7118C9E2C4A0CA3CEBAE5BF747ECC803BF47CA4AE44D2902517C4B8C2AFC389AC
                                      Malicious:false
                                      Preview:L...%l.f.............debug$S........T...................@..B.rsrc$01........X.......8...........@..@.rsrc$02........P...B...............@..@........U....c:\Users\user\AppData\Local\Temp\1kjwnqt4\CSCF68404DF18AE46178AD88EB7B711C3F0.TMP......................mm..r...]..s..........5.......C:\Users\user\AppData\Local\Temp\RES6D8E.tmp.-.<....................a..Microsoft (R) CVTRES.].=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe.................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...1.k.j.w.n.q.t.4...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):48128
                                      Entropy (8bit):3.8030984168652506
                                      Encrypted:false
                                      SSDEEP:384:uO8nAdw84FUinQv/LgaXDpqszUV8WMeCdIl6aLxGbVMxPbpPtJ80V/z:kBED3VqLV8WMeCdIIoGbCRbpPt60d
                                      MD5:B3B4A16A4B27992C9C2D06B90AF2B105
                                      SHA1:BEB470436730DF74B6896D01F2D2C352C07781EE
                                      SHA-256:10A1C520C53218E463B1083362C5FD13D333E01F2BB3CEB89FCF86CEBF748D10
                                      SHA-512:AC8767DDF18733A7AFAD06101DD43201C2002F8D9B73BFB70C16418AEBEAE95213EAFE6FC78BF277F63E2DC31C246998D9FC4931B375DE38AB06855D8A4D9E78
                                      Malicious:true
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                      Category:dropped
                                      Size (bytes):207752
                                      Entropy (8bit):7.992296384111276
                                      Encrypted:true
                                      SSDEEP:3072:liryvj9WgvyN9oTSVLGkTuCAC3kRcZGedaE58nNoLYdyPvYIRW3c5S7C+XxJFk:lir4kom9KcGaaESnBwpRicqXHW
                                      MD5:0012207051B30683A5F1FCEDE4F62276
                                      SHA1:3047C3E7E2D41C2EFE66A74B316B2A9988B2647B
                                      SHA-256:3C3C5D3B7CD7B62FF7AD6E8994AC76C19A78D5A349E60547C69615FF98EF9896
                                      SHA-512:1C53ECA3FB811D3919B022C599453E21CFA8BF022E7D10F43D3C08529EA65224A326F519C4FBC5A8D378F0579C4BA799307971E1B57DE3ADF10E277FE946F9AD
                                      Malicious:false
                                      Preview:PK........&..X...T....X.......Microsoft.Web.WebView2.Core.dll.].|.....i@..=..%.^...I. HY....D...;""".....DP.Q@DE...T..A......+......vgg.......^......(.....e.B.k....S."...([../..............2:.!c..iw.M..?&m..........Z-.......RQ....W...q.J...[.E..Q..-..(9N#..<pZ..U......Y...Z-..5x&T...O...K"......].0.....>..K>..(e..N...~...C........K>GMbvM.z.A........n`;.:.#.kJ...3t.N*...3bM..w...w=J.n..$.J..]J._......e3....e(Jt.m.S.....J..v.sr....g.+.*~hY.OV..R>6'...f.....6E..C.:...&.....Dt.';.%..3...w/..j..o-. w.&...S9;&'.F...q......x.^....M....r.#U...P).19....Ht.u.J.;.u.d.D=P......3Q.`#..2T)?KIK@....JZ"9V.C.;.....5T.5........o..#AQ..O{...t.}........ZM#..L..h'<;.6...K....]v.S?.....D..{cs..{\......`klN1.2.M..'.M....S.P..q.R.l......TQ&....hUK'R].1..q...n.'@..^..O2.7B..>H>.i..+I.... .:..;Xy;..z.....GI,.....$2..E.q....kg...........!......;2V.u..u..uJ.....p.-&.:C.:..$.....p...p]!q]Aq.....f..K..........0.o.........Q....p[U.p.B.F...p...h..1].......7F...pc..#S.
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):567896
                                      Entropy (8bit):5.446791956614718
                                      Encrypted:false
                                      SSDEEP:12288:OPXmgCI7JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIgcvm:O7f
                                      MD5:E77CD7924E692B88AD687E1366142DAF
                                      SHA1:DE150A7FCDF074C98129434A57C87FD7A9390609
                                      SHA-256:616157863B1CD1F1330B4914DD013ADEF10A4CE8CD819598FD6BD4037C2C1646
                                      SHA-512:4110680050E6463E7DC6EE8ED053E814C03DE29A7936916FD1DBEE96C73A3336FBB8A39663F7126C1F70D34ACFB8766C4FC3015D9E5798EF611A54CBBADD5F21
                                      Malicious:true
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):38360
                                      Entropy (8bit):6.284782646274299
                                      Encrypted:false
                                      SSDEEP:768:qijOv/1uo4D/iyUdvtYZDgcEST3p4Jjrjh2jJFSUyauTv1JKia5/Zi/WGQK4u6bf:BOvlyUptYZDgcEST3p4JjrjaJFSUyaum
                                      MD5:4EE8937206E9D8EC553A698B3A7AAA37
                                      SHA1:D85042111BCD1727EDEDEB53A95DD67CFCA71110
                                      SHA-256:FF1197C54EC571FD82E1E97A45E1000240C739B0BDC89536DB85A612ECC5FAFD
                                      SHA-512:E1AC7D7F9194EEF8C57C7204F612F2A184530A01D650BEB4FAE860D06A195BA4E89786BDCE48C00E2132CFC97CBE6D245EBCA33E708C60C6ABB8D864BD9FB7B1
                                      Malicious:true
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):116184
                                      Entropy (8bit):6.506329478604818
                                      Encrypted:false
                                      SSDEEP:3072:mJ7FfqJR70vRq2KVsCKKa/gqeNZ/T+xEtJlAlpB9gr4fm0Z:m7fqJRQY0RKDiEtJeTgr2mI
                                      MD5:6E91D5628FCAF7A67CD8CCA2C2DE9342
                                      SHA1:36818E155A3A760306D908E318F6327D635B7453
                                      SHA-256:DD4C6797FF04625934A14AA7B22D76B847C8B6BB1CCCD7C587EE6FEC6B636121
                                      SHA-512:DF4E115A718224FCF9DC7315197B4C9135404018F0F6C176D5E826090D1B6F1DC70627C3C3B3834E6E5F721B9A809ECA7D3C51A225F5B0F176AB72CD70E48856
                                      Malicious:true
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:ASCII text, with no line terminators
                                      Category:dropped
                                      Size (bytes):19
                                      Entropy (8bit):3.195295934496218
                                      Encrypted:false
                                      SSDEEP:3:tRzFbsV:PKV
                                      MD5:4C255D5BA6E86C88D2CA7A9529CC8817
                                      SHA1:EB9FE1FD4F5D1349B9ED9A729CFE40BC777843A9
                                      SHA-256:196597B9D8F20D26F607D1CDEBC475CC92492BEAF2ACB897B486D6FC27DA5F2D
                                      SHA-512:412B893E8A99A4A031DDCD29A89B3CAC96A94A6D641510857C9EA074614A530FFCE2757AF44D77D85546F322C91215CABB6B722C8DD0D3C4E8238190F436395A
                                      Malicious:false
                                      Preview:2024-07-25 09:32:10
                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                      File Type:MSVC .res
                                      Category:dropped
                                      Size (bytes):652
                                      Entropy (8bit):3.1106337673962234
                                      Encrypted:false
                                      SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryPYak7Ynqq6NPN5Dlq5J:+RI+ycuZhNtYakS6NPNnqX
                                      MD5:5CA6C7FADED1398134286C7D313125E0
                                      SHA1:4AB78C9BF65CA710577110F6FF9A6E9802477E08
                                      SHA-256:C49CE1E929557DDC0B87CBBEE000308FEBAF143CAC2A83B54C9FE5FFB267F0F6
                                      SHA-512:481C2426DCBC22DBF2DC0FD6EDF193072882137991D19D3DE5104E1B7B52D391DA883706986B449197BD19F87CE77F3FF9DC1C2E54A1C060F8325D82A644B46D
                                      Malicious:false
                                      Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...s.r.v.3.3.q.4.h...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...s.r.v.3.3.q.4.h...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF, LF line terminators
                                      Category:dropped
                                      Size (bytes):18514
                                      Entropy (8bit):4.31841024179425
                                      Encrypted:false
                                      SSDEEP:192:iuNWs4b6fYymynjFmZP/G3wZ8PK8P5TXXUFaJXV3feaK0K3jh1aK053MLY/t:iuMsYAuNG3OeKelXUgXlfU3m31t
                                      MD5:3E3AD712B18F4BF1494DD5A39204F477
                                      SHA1:F2F5362F2393FC6B4B2360B7B5FECD88C002D71E
                                      SHA-256:52F8717C77C5D5C72366DB9085E22E5A7E2BA702115EBD0FF861913179DB6401
                                      SHA-512:B873F6ED382BCD2A912736C120E251B271BF5F2948C5AA320FF063A3B4B67114C5C3CC566766C1F5970B40334842BC8B1173DB3DD782A454B36C133293A77D5C
                                      Malicious:false
                                      Preview:.using System;.using System.Collections;.using System.Collections.Generic;.using System.IO;.using System.IO.Compression;.using System.Linq;.using System.Net;.using System.Net.Http;.using System.Net.Http.Headers;.using System.Text;.using System.Threading.Tasks;.using System.Web.Script.Serialization;.namespace MyCompiler_NameSpace {.public class MyCompiler_Class {.static MyCompiler_Class().. {.. //...................: .... SSL/TLS ....... System.Net.ServicePointManager.Expect100Continue = true;.. System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12 | System.Net.SecurityProtocolType.Tls11 | System.Net.SecurityProtocolType.Tls;.. System.Net.ServicePointManager.ServerCertificateValidationCallback = (sender1, certificate, chain, errors) => true;.. }.public object GetMyObject(Dictionary<string, string> dics).{.var url =
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (334), with no line terminators
                                      Category:dropped
                                      Size (bytes):337
                                      Entropy (8bit):5.118640491549055
                                      Encrypted:false
                                      SSDEEP:6:pAu+HIWdyrL/6KewqWVAVMZO/AuA5LXxZ923fMzxszI923fPGA:p3xrL/6KeqAmZO/Au0TxeEw3x
                                      MD5:1F062D61EAD92BE0684C7A66A70E1A37
                                      SHA1:5FBA46D092143B8A2DB7DC8C829BF9B7CEB814A4
                                      SHA-256:2DBD3D8EBC53DDC7DD9367CE486418E7BA9395A9D4AC19537E6C9A683B9B2F54
                                      SHA-512:E170A67F7AE49BEDC99EFB30297196840436FEFAC24E4B25AFDB12535EAC4ED797F9B66568A70864D7A2B414E69547ECBF5E46C35B22825A2EB42EC34A96BB1B
                                      Malicious:true
                                      Preview:./t:library /utf8output /R:"mscorlib.dll" /R:"System.dll" /R:"System.Core.dll" /R:"System.IO.Compression.dll" /R:"Microsoft.CSharp.dll" /R:"System.Net.Http.dll" /R:"System.Web.Extensions.dll" /out:"C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.dll" /debug- /optimize+ "C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.0.cs"
                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):23552
                                      Entropy (8bit):5.481640677973249
                                      Encrypted:false
                                      SSDEEP:384:n3y8ZtEjWHpweuj2HCd+XrYGefz8CIQhZpmG+5c+6gcE42de3:ni8ZtEOmjxdAaz8CjLKs2de3
                                      MD5:2A4FB8A298693C47A840F420298AF485
                                      SHA1:3A435748A3902AA6F55ACD5F43760D5D5684B3D9
                                      SHA-256:89FF7586D74A58EC7E64B6A3649A9CD3F39086FE4B59F26E02A3027932B789E8
                                      SHA-512:BEBF9D528461FE65AC1E7A7DFB374FA9613B9A7F045CF6DFE74A81718590EC2D0880E19D6C80604BD81ACDB760AF2780E0DD38391D033DFBF2021794B7E6BE24
                                      Malicious:true
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (415), with CRLF, CR line terminators
                                      Category:modified
                                      Size (bytes):836
                                      Entropy (8bit):5.263066711575368
                                      Encrypted:false
                                      SSDEEP:24:KMoqddj6KeSZO/A3e1kKax5DqBVKVrdFAMBJTH:dosj6dSZmA3e1kK2DcVKdBJj
                                      MD5:F68B79F22A6BED24396FF2BD87F96036
                                      SHA1:94296E2AE294BB8F051E25BF5A77434A69E1A34A
                                      SHA-256:FA94CEA6C9F8DA7C955086BB6F8A2BB24174E86A75E15F73B6852544C6EEDE46
                                      SHA-512:492D004D8A71599D905B51B322AFE27794D09FA75A0BFAC240313A6986FCFCDF1234B3BA42D0ADFBC8C3D374E3C93D6965589403B74058BA6CC1DC9C428E2298
                                      Malicious:false
                                      Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /t:library /utf8output /R:"mscorlib.dll" /R:"System.dll" /R:"System.Core.dll" /R:"System.IO.Compression.dll" /R:"Microsoft.CSharp.dll" /R:"System.Net.Http.dll" /R:"System.Web.Extensions.dll" /out:"C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.dll" /debug- /optimize+ "C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                      File Type:MSVC .res
                                      Category:dropped
                                      Size (bytes):652
                                      Entropy (8bit):3.1126963070808107
                                      Encrypted:false
                                      SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry65Gak7Ynqqv5XPN5Dlq5J:+RI+ycuZhN85GakSv5XPNnqX
                                      MD5:C0AB1D8AB9A0E8E44EB457CB8FF77B9F
                                      SHA1:371F784323BDB1731771D819733B7F413A40DCED
                                      SHA-256:6672A3C2D8C8FCB1AD85A1B5C0AD114217CFE9C2FB2BC5921974423A6407F0FF
                                      SHA-512:25C5E135DCA9B7251AA650AD6E7D9F62E1840DB2D5AB36C150C07BE8BFC0A5E3183764CC3559757DB0C2BFF80E934C395A1D24CE70DE0324A827F8111B430A9C
                                      Malicious:false
                                      Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...z.k.e.q.n.b.k.w...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...z.k.e.q.n.b.k.w...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF, LF line terminators
                                      Category:dropped
                                      Size (bytes):20000
                                      Entropy (8bit):4.34859160135715
                                      Encrypted:false
                                      SSDEEP:384:iuMsYrD2HpZFDmuNG3OeKelXUgXlfU3m31t:TRblkLO23
                                      MD5:06545AA8130572FA3E733763D161EEBF
                                      SHA1:3DDCDCCB81954F65DBE2C7A93BCB7D75B6DFA347
                                      SHA-256:B9EB405734C0B709405B1099804ED9EF942C40FB31C33A6A826F42C277A4D0AC
                                      SHA-512:1C61FD07449505B8182516A7F142B557B598BBC8A26A25174259CD10505BD431469DDE492A520D3593C1A44730C9238DC0D665C4D8BEC96F50BDC79799FBA65B
                                      Malicious:false
                                      Preview:.using System;.using System.Collections;.using System.Collections.Generic;.using System.IO;.using System.IO.Compression;.using System.Linq;.using System.Net;.using System.Net.Http;.using System.Net.Http.Headers;.using System.Text;.using System.Threading.Tasks;.using System.Web.Script.Serialization;.namespace MyCompiler_NameSpace {.public class MyCompiler_Class {.static MyCompiler_Class().. {.. //...................: .... SSL/TLS ....... System.Net.ServicePointManager.Expect100Continue = true;.. System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12 | System.Net.SecurityProtocolType.Tls11 | System.Net.SecurityProtocolType.Tls;.. System.Net.ServicePointManager.ServerCertificateValidationCallback = (sender1, certificate, chain, errors) => true;.. }.public object GetMyObject(Dictionary<string, string> dics).{.var r = ne
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (334), with no line terminators
                                      Category:dropped
                                      Size (bytes):337
                                      Entropy (8bit):5.104595952886211
                                      Encrypted:false
                                      SSDEEP:6:pAu+HIWdyrL/6KewqWVAVMZO/AuA5LXxZ923fLEMiMHUzxszI923fLEMiSn:p3xrL/6KeqAmZO/Au0TxezEMiMHUwzE6
                                      MD5:2786C7A38D0FA45A531E48156543AAB4
                                      SHA1:6D5187AAE4C45133F8BA478339154758E6CD2D32
                                      SHA-256:DBB35390027F43BEF8E89FE390A2316245E5D74AE6E8D9CF06D3750723BD5145
                                      SHA-512:44D0E25E9FC882E325955C1D34C70926581FB1B0E70B23480CE40F540BE45CD478F84456C8911E08C5AE3CF47E1629D2C38E9B24E4E826B83E54E2346885FAA5
                                      Malicious:false
                                      Preview:./t:library /utf8output /R:"mscorlib.dll" /R:"System.dll" /R:"System.Core.dll" /R:"System.IO.Compression.dll" /R:"Microsoft.CSharp.dll" /R:"System.Net.Http.dll" /R:"System.Web.Extensions.dll" /out:"C:\Users\user\AppData\Local\Temp\zkeqnbkw\zkeqnbkw.dll" /debug- /optimize+ "C:\Users\user\AppData\Local\Temp\zkeqnbkw\zkeqnbkw.0.cs"
                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):25088
                                      Entropy (8bit):5.453535937282741
                                      Encrypted:false
                                      SSDEEP:384:0XXkC5rnl4EI9Wqu+zwyylQO0xDOvzbQTQvUzHphZpyG+Mcf5yMIACchD:0nrrnlm9W3dlQO0JO/RsHpLilIACchD
                                      MD5:36C841799FE7E5AB6588C5F42B6723B6
                                      SHA1:843530F2B87518FBDFEF7FAB15D51EA4FFE4B9BE
                                      SHA-256:7846DD6CFA3071158E20F27B050A2CE0175B8FFA0D6CEE2A3B4280E69898B2A3
                                      SHA-512:2BAA35CA3E610ECD2590E2645105FF73E3346AE3A15F5776DAC541ACF64DDC9C3FCE4584DFFE161F27EDA28309A1F232DCB58755C0790448E8DD6BD43066A906
                                      Malicious:true
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (415), with CRLF, CR line terminators
                                      Category:modified
                                      Size (bytes):836
                                      Entropy (8bit):5.27788302504193
                                      Encrypted:false
                                      SSDEEP:24:KMoqddj6KeSZO/A3etFXuKax5DqBVKVrdFAMBJTH:dosj6dSZmA3etFeK2DcVKdBJj
                                      MD5:219E5DEC7F42F336914240F08A083F38
                                      SHA1:58A8686CB0B0D51AEAAB5F70382DBFE94664D9D4
                                      SHA-256:A0A675A888ACB6ACD23CDE275394050B86303131BEBE47C57822E5DEC8B9C64E
                                      SHA-512:B91F177DFA01BD1060C0B876273DA1DC3812D85CDB2B8F2DA37D52B0CC7993F04BEFDBB05766EE7A6F1FF955DFA9F1F830E589A7DE2BB913F079568C57185BC5
                                      Malicious:false
                                      Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /t:library /utf8output /R:"mscorlib.dll" /R:"System.dll" /R:"System.Core.dll" /R:"System.IO.Compression.dll" /R:"Microsoft.CSharp.dll" /R:"System.Net.Http.dll" /R:"System.Web.Extensions.dll" /out:"C:\Users\user\AppData\Local\Temp\zkeqnbkw\zkeqnbkw.dll" /debug- /optimize+ "C:\Users\user\AppData\Local\Temp\zkeqnbkw\zkeqnbkw.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe
                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):5283840
                                      Entropy (8bit):7.6601712942780855
                                      Encrypted:false
                                      SSDEEP:98304:5E8ldVZpn+8vcAAdjj0X9sDuw3F5uNRYZ5oHznKML2ef9ND:LlDrc3X0X9sD1CYTHML2ef
                                      MD5:F72D84B6D1683DEE10A997DEDB825D7D
                                      SHA1:93D52D4B81F9ABF93FDF7749D1FF90B5BC8D1F6D
                                      SHA-256:6A31655B2CF2478A81B19A10877A3E08973D281F7E820097FE358364A643B818
                                      SHA-512:B281447E136758CEEC0953C33F8A29C561B5F170B7359688372C607D506E32C38F97C9A0FA696864CAE6C23B673B45AA2136A20CD3282D7AA15ABA5860D32CB3
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: Avira, Detection: 100%
                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):5283840
                                      Entropy (8bit):7.6601712942780855
                                      Encrypted:false
                                      SSDEEP:98304:5E8ldVZpn+8vcAAdjj0X9sDuw3F5uNRYZ5oHznKML2ef9ND:LlDrc3X0X9sD1CYTHML2ef
                                      MD5:F72D84B6D1683DEE10A997DEDB825D7D
                                      SHA1:93D52D4B81F9ABF93FDF7749D1FF90B5BC8D1F6D
                                      SHA-256:6A31655B2CF2478A81B19A10877A3E08973D281F7E820097FE358364A643B818
                                      SHA-512:B281447E136758CEEC0953C33F8A29C561B5F170B7359688372C607D506E32C38F97C9A0FA696864CAE6C23B673B45AA2136A20CD3282D7AA15ABA5860D32CB3
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: Avira, Detection: 100%
                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):5283840
                                      Entropy (8bit):7.6601712942780855
                                      Encrypted:false
                                      SSDEEP:98304:5E8ldVZpn+8vcAAdjj0X9sDuw3F5uNRYZ5oHznKML2ef9ND:LlDrc3X0X9sD1CYTHML2ef
                                      MD5:F72D84B6D1683DEE10A997DEDB825D7D
                                      SHA1:93D52D4B81F9ABF93FDF7749D1FF90B5BC8D1F6D
                                      SHA-256:6A31655B2CF2478A81B19A10877A3E08973D281F7E820097FE358364A643B818
                                      SHA-512:B281447E136758CEEC0953C33F8A29C561B5F170B7359688372C607D506E32C38F97C9A0FA696864CAE6C23B673B45AA2136A20CD3282D7AA15ABA5860D32CB3
                                      Malicious:true
                                      Process:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):17505
                                      Entropy (8bit):5.548454194962492
                                      Encrypted:false
                                      SSDEEP:192:WvHqGHZvkGHZPxGHZJfGHZl8GHZrdGHZA8GHZDQtGHZD/JGHZDpGHZwSGHZyeGH0:lGQEZJF/YnFXuZeCB78p5Ou
                                      MD5:33FE65C9DC812106694887A573FE26CE
                                      SHA1:9EC92432478DB2AF17D5D1CB9D386D0CEAB98FDD
                                      SHA-256:A7C60727A7CF2D8B32224DE2FBCF79246C124F8FBBDDCDDF1DB19EEB2FF542AD
                                      SHA-512:26D8BD699B83786F3E58F45EC58D47D418C861795C59F1B9B94CA1FD80CF451791E7342D61612BFBD1E84078F625712E62FFF1740EECF80F8C0494C324EEE6EF
                                      Malicious:false
                                      Preview:{"ReName":false,"HideTray":false,"ExtSuffix":null,"ExtLocalVer":null,"ExtPlugins":null,"ExtRunHis":null,"StartQuickly":null,"RecordPlay":false,"ChatJudgeEnter":false,"ForceRemap":false,"F1MutiID":false,"FormKeys":[57,48],"ChatPoint":null,"CusName":"7EA10491","MixList":"War=Wra;WC3=W3C","Version":"2.1.1.155","War3Caption":null,"War3Class":null,"War3Process":null,"War3Dll":null,"War3Split":",","War3Port":0,"Language":0,"KeySendType":0,"EatOriginalKey":true,"ChatJudgeByTimer":false,"PlayFloorAdd":1,"KeysInterval":0,"DbPressInterval":500,"WaitSTime":0,"WaitMTime":0,"WaitSInterval":0,"ExtKillTime":0,"PosTime":0,"PosMLen":0,"PosHasHM":true,"PosLeft":0,"PosBottom":340,"PosFloor":null,"PosExtUnits":null,"PosExtUnitTime":0,"ShutcutLeft":20,"ShutcutTop":20,"KeyState":{"KeyPress":145,"IgnoreShiftPress":false,"OriKeyType":0,"CtrlOn":false,"AltOn":false,"ShiftOn":false,"RestoreFunKey":false,"KeyTrigger":145,"Pos":0,"KeyType":0,"MouseType":0,"PosX":0,"PosY":0,"KBType":0,"KeyAct":0,"LeftClick":false,
                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                      Entropy (8bit):7.60598685567043
                                      TrID:
                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.72%
                                      • Win32 Executable (generic) a (10002005/4) 49.67%
                                      • Windows ActiveX control (116523/4) 0.58%
                                      • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                      File name:LisectAVT_2403002B_286.exe
                                      File size:4'861'966 bytes
                                      MD5:feffd73ddba802eae61e964e78ef7e95
                                      SHA1:e727e9d97f34c4e0903f4c9188883347addae2e8
                                      SHA256:31fc993f42d691c16489d7e3e101f64362c585dd29cf40aad479dd2f53103b4c
                                      SHA512:c26703b59983e389e6f2c1d350d678b3e43ec26b3995089b1d972087171a73e056d068b245b519faaaf01a59123d68ddf970a2328ca326101d414d5d8e76dcb5
                                      SSDEEP:98304:KvbHGZpn+8vcAAGY36Vr/clxf59+XxRxy5tIAq+6l2oKxcD:KvbGrcblxf59eRxyPXq+6Y9x
                                      TLSH:6226F1433BF640B9D68B68B129779B1BABB1AE16871144C3E7D13D8ABA313C37535342
                                      Icon Hash:e079515959592bd4
                                      Entrypoint:0x43d9d9
                                      Entrypoint Section:.text
                                      Digitally signed:false
                                      Imagebase:0x400000
                                      Subsystem:windows gui
                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                      DLL Characteristics:TERMINAL_SERVER_AWARE
                                      Time Stamp:0x6587D2E7 [Sun Dec 24 06:42:47 2023 UTC]
                                      TLS Callbacks:
                                      CLR (.Net) Version:
                                      OS Version Major:4
                                      OS Version Minor:0
                                      File Version Major:4
                                      File Version Minor:0
                                      Subsystem Version Major:4
                                      Subsystem Version Minor:0
                                      Import Hash:2abab44f29387a768ac32ec5f31bee3f
                                      Instruction
                                      call 00007FEFF91E4BFDh
                                      jmp 00007FEFF91DC4ECh
                                      int3
                                      int3
                                      int3
                                      int3
                                      int3
                                      int3
                                      int3
                                      int3
                                      int3
                                      int3
                                      int3
                                      int3
                                      int3
                                      mov ecx, dword ptr [esp+04h]
                                      test ecx, 00000003h
                                      je 00007FEFF91DC6F6h
                                      mov al, byte ptr [ecx]
                                      add ecx, 01h
                                      test al, al
                                      je 00007FEFF91DC720h
                                      test ecx, 00000003h
                                      jne 00007FEFF91DC6C1h
                                      add eax, 00000000h
                                      lea esp, dword ptr [esp+00000000h]
                                      lea esp, dword ptr [esp+00000000h]
                                      mov eax, dword ptr [ecx]
                                      mov edx, 7EFEFEFFh
                                      add edx, eax
                                      xor eax, FFFFFFFFh
                                      xor eax, edx
                                      add ecx, 04h
                                      test eax, 81010100h
                                      je 00007FEFF91DC6BAh
                                      mov eax, dword ptr [ecx-04h]
                                      test al, al
                                      je 00007FEFF91DC704h
                                      test ah, ah
                                      je 00007FEFF91DC6F6h
                                      test eax, 00FF0000h
                                      je 00007FEFF91DC6E5h
                                      test eax, FF000000h
                                      je 00007FEFF91DC6D4h
                                      jmp 00007FEFF91DC69Fh
                                      lea eax, dword ptr [ecx-01h]
                                      mov ecx, dword ptr [esp+04h]
                                      sub eax, ecx
                                      ret
                                      lea eax, dword ptr [ecx-02h]
                                      mov ecx, dword ptr [esp+04h]
                                      sub eax, ecx
                                      ret
                                      lea eax, dword ptr [ecx-03h]
                                      mov ecx, dword ptr [esp+04h]
                                      sub eax, ecx
                                      ret
                                      lea eax, dword ptr [ecx-04h]
                                      mov ecx, dword ptr [esp+04h]
                                      sub eax, ecx
                                      ret
                                      push ebp
                                      mov ebp, esp
                                      sub esp, 20h
                                      mov eax, dword ptr [ebp+08h]
                                      push esi
                                      push edi
                                      push 00000008h
                                      pop ecx
                                      mov esi, 00452628h
                                      lea edi, dword ptr [ebp-20h]
                                      rep movsd
                                      mov dword ptr [ebp-08h], eax
                                      mov eax, dword ptr [ebp+0Ch]
                                      test eax, eax
                                      pop edi
                                      mov dword ptr [ebp-04h], eax
                                      pop esi
                                      Name | Virtual Address | Virtual Size | Is in Section
                                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x69310 | 0x104 | .rdata
                                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4a0000 | 0x5358 | .rsrc
                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x5f448 | 0x40 | .rdata
                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_IAT | 0x52000 | 0x440 | .rdata
                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                      .text | 0x1000 | 0x50a20 | 0x51000 | 6c637bc1b91b409e63672a1642e34beb | False | 0.5338541666666666 | data | 6.7603183934008575 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      .rdata | 0x52000 | 0x1898e | 0x19000 | 0e0210d0c2b63a83f5c634de4ca7837c | False | 0.323251953125 | data | 5.198624352697313 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .data | 0x6b000 | 0x137e58 | 0x135000 | 24dba55eb86ec60b062159e5918216c0 | False | 0.4440807354874595 | data | 6.6308106841929915 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      .m!S | 0x1a3000 | 0x1b9ac0 | 0x1ba000 | e9362fb58fbb8a724b1596a429aef1ae | False | 0.9398359065681561 | data | 7.6941834302880014 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      .pdata | 0x35d000 | 0x142bc3 | 0x143000 | a3393b8446af372453c73d1ef05728f3 | False | 0.8926937705592105 | data | 7.986598759119632 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .rsrc | 0x4a0000 | 0x5358 | 0x6000 | 1ee0675dff7e66704bcc19df22ef2532 | False | 0.545654296875 | data | 5.63281738429814 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                      RT_ICON | 0x4a0130 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | | | 0.6608998582900331
                                      RT_GROUP_ICON | 0x4a4358 | 0x14 | data | | | 1.1
                                      RT_VERSION | 0x4a436c | 0x304 | data | | | 0.4261658031088083
                                      RT_MANIFEST | 0x4a4670 | 0xce8 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.4621670702179177
                                      DLL | Import
                                      KERNEL32.dll | FreeLibrary, Sleep, GetTickCount, InterlockedIncrement, InterlockedDecrement, SetLastError, HeapFree, GetProcessHeap, HeapReAlloc, HeapAlloc, InitializeCriticalSection, DeleteCriticalSection, FindResourceExA, GetUserDefaultUILanguage, GetCurrentProcessId, CompareStringW, CloseHandle, SetEvent, GetLastError, CompareStringA, WaitForSingleObject, lstrcpyW, GetSystemTimeAsFileTime, FindFirstFileW, FindClose, WriteFile, lstrcatW, SetFileTime, FormatMessageA, GetModuleFileNameW, CreateFileA, ReadFile, IsBadReadPtr, SetFilePointer, CreateEventA, GetModuleFileNameA, GetCurrentProcess, GetWindowsDirectoryA, GetVolumeInformationA, FlushInstructionCache, WriteConsoleW, SetEnvironmentVariableW, WriteConsoleA, FlushFileBuffers, SetStdHandle, GetStringTypeW, GetStringTypeA, QueryPerformanceCounter, GetCommandLineW, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetConsoleMode, GetConsoleCP, GetStartupInfoA, GetFileType, SetHandleCount, LCMapStringW, LCMapStringA, IsValidCodePage, GetOEMCP, GetCPInfo, GetTimeZoneInformation, GetCurrentThreadId, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetStdHandle, HeapCreate, VirtualFree, RtlUnwind, GetStartupInfoW, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, CreateThread, ResumeThread, ExitThread, GetSystemInfo, VirtualAlloc, GetThreadLocale, GetLocaleInfoA, GetACP, HeapSize, HeapDestroy, GetVersionExA, RaiseException, WideCharToMultiByte, lstrlenW, lstrcmpiW, SetEnvironmentVariableA, IsBadWritePtr, VirtualProtect, VirtualQuery, lstrcmpiA, MultiByteToWideChar, GlobalAlloc, ExitProcess, lstrcmpA, LoadLibraryA, GetProcAddress, LockResource, LoadResource, SizeofResource, FindResourceA, lstrcpyA, lstrlenA, GetModuleHandleA, InterlockedExchange, GlobalFree, GlobalUnlock, LeaveCriticalSection, GlobalLock, EnterCriticalSection, GetConsoleOutputCP
                                      USER32.dll | UnregisterClassA, ReleaseDC, GetWindowTextA, GetWindowRect, SetCursor, GetWindowLongA, LoadCursorA, GetSystemMetrics, SetWindowLongA, GetParent, GetCursorPos, GetDesktopWindow, MapWindowPoints, SetWindowPos, SendMessageA, SetForegroundWindow, ReleaseCapture, PostMessageA, BeginPaint, GetMessageA, TranslateMessage, DrawIcon, DispatchMessageA, LoadIconA, CreateDialogIndirectParamA, SetTimer, EndPaint, LoadStringA, SetClassLongA, KillTimer, DestroyWindow, EndDialog, PtInRect, GetDC, DrawEdge, InvalidateRect, GetClassNameA, PostQuitMessage, OffsetRect, TrackMouseEvent, LoadImageA, ScreenToClient, SetActiveWindow, GetWindowTextLengthA, IsDialogMessageA, SetWindowTextA, EnableWindow, GetActiveWindow, UpdateWindow, AdjustWindowRectEx, CallWindowProcA, CreateWindowExA, RegisterClassExA, DefWindowProcA, ShowWindow, SetFocus, TranslateAcceleratorA, DrawFocusRect, DrawTextA, SetCapture, MessageBoxA, wsprintfA, GetClientRect, FillRect
                                      GDI32.dll | DeleteObject, CreateDIBSection, CreateSolidBrush, LineTo, MoveToEx, CreatePen, CreateCompatibleBitmap, CreateFontIndirectA, CreateCompatibleDC, DeleteDC, TextOutA, GetObjectA, SetBkMode, GetStockObject, StretchBlt, SetDIBColorTable, GetDIBColorTable, SelectObject, BitBlt, GetTextExtentPointA, SetTextColor
                                      ADVAPI32.dll | RegQueryValueExA, RegDeleteValueA, RegCreateKeyExA, RegCloseKey, RegSetValueExA
                                      ole32.dll | CoSetProxyBlanket, CoInitializeEx, CreateStreamOnHGlobal, CoCreateInstance
                                      OLEAUT32.dll | SafeArrayGetElement, SafeArrayGetLBound, SafeArrayGetUBound, GetErrorInfo, SafeArrayPutElement, SysAllocStringLen, VariantChangeType, VariantTimeToSystemTime, SystemTimeToVariantTime, SafeArrayDestroy, SysAllocString, SysFreeString, SysStringLen, SafeArrayCreateVector, SafeArrayAccessData, SafeArrayUnaccessData, VariantInit, VariantClear
                                      SHLWAPI.dll | StrRChrW
                                      gdiplus.dllGdipDeleteGraphics, GdipGetImagePaletteSize, GdipGetImageGraphicsContext, GdipGetImagePixelFormat, GdipGetImageHeight, GdipGetImageWidth, GdipCloneImage, GdipGetImagePalette, GdipBitmapLockBits, GdipDisposeImage, GdipDrawImageI, GdipFree, GdiplusShutdown, GdiplusStartup, GdipCreateBitmapFromScan0, GdipCreateBitmapFromStream, GdipBitmapUnlockBits, GdipAlloc
                                      MSIMG32.dllTransparentBlt, AlphaBlend
                                      iphlpapi.dllGetAdaptersInfo
                                      VERSION.dllGetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
2024-07-25T15:16:59.746186+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49732 | 40.127.169.103 | 192.168.2.5
2024-07-25T15:17:25.307313+0200 | TCP | 2012510 | ET SHELLCODE UTF-8/16 Encoded Shellcode | 443 | 49749 | 142.250.185.194 | 192.168.2.5
2024-07-25T15:17:38.371108+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49758 | 40.127.169.103 | 192.168.2.5
2024-07-25T15:17:25.507948+0200 | TCP | 2012510 | ET SHELLCODE UTF-8/16 Encoded Shellcode | 443 | 49749 | 142.250.185.194 | 192.168.2.5
2024-07-25T15:18:52.480080+0200 | TCP | 2012510 | ET SHELLCODE UTF-8/16 Encoded Shellcode | 443 | 49815 | 142.250.176.194 | 192.168.2.5
2024-07-25T15:18:52.299166+0200 | TCP | 2012510 | ET SHELLCODE UTF-8/16 Encoded Shellcode | 443 | 49818 | 142.250.65.238 | 192.168.2.5
2024-07-25T15:18:39.999941+0200 | TCP | 2012510 | ET SHELLCODE UTF-8/16 Encoded Shellcode | 443 | 49800 | 142.250.80.66 | 192.168.2.5
2024-07-25T15:17:25.300914+0200 | TCP | 2012510 | ET SHELLCODE UTF-8/16 Encoded Shellcode | 443 | 49749 | 142.250.185.194 | 192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                      Jul 25, 2024 15:17:26.289355040 CEST49746443192.168.2.535.185.44.232
                                      Jul 25, 2024 15:17:26.289391994 CEST4434974635.185.44.232192.168.2.5
                                      Jul 25, 2024 15:17:26.289462090 CEST49746443192.168.2.535.185.44.232
                                      Jul 25, 2024 15:17:26.290020943 CEST49751443192.168.2.535.185.44.232
                                      Jul 25, 2024 15:17:26.290045977 CEST4434975135.185.44.232192.168.2.5
                                      Jul 25, 2024 15:17:26.290102959 CEST49751443192.168.2.535.185.44.232
                                      Jul 25, 2024 15:17:26.290329933 CEST49751443192.168.2.535.185.44.232
                                      Jul 25, 2024 15:17:26.290342093 CEST4434975135.185.44.232192.168.2.5
                                      Jul 25, 2024 15:17:26.319489002 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.319515944 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.319665909 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.319683075 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.319853067 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.335944891 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.336133957 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.367633104 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.367660046 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.368431091 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.368463993 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.368568897 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.391047001 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.391074896 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.392904997 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.392924070 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.393830061 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.413317919 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.413348913 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.413477898 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.413489103 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.413595915 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.423887968 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.423939943 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.423990011 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.423990011 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.424002886 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.425050020 CEST49753443192.168.2.5172.217.16.194
                                      Jul 25, 2024 15:17:26.425096989 CEST44349753172.217.16.194192.168.2.5
                                      Jul 25, 2024 15:17:26.425173044 CEST49753443192.168.2.5172.217.16.194
                                      Jul 25, 2024 15:17:26.426013947 CEST49753443192.168.2.5172.217.16.194
                                      Jul 25, 2024 15:17:26.426028013 CEST44349753172.217.16.194192.168.2.5
                                      Jul 25, 2024 15:17:26.426378012 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.426449060 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.426456928 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.426490068 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.439920902 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.439949036 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.440045118 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.440073967 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.440097094 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.440300941 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.450072050 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.450098038 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.450330973 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.450354099 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.451548100 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.459939957 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.459958076 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.460073948 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.460098028 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.460167885 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.469290018 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.469335079 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.469434023 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.469434023 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.469463110 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.469644070 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.492659092 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.492688894 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.492796898 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.492796898 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.492834091 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.492897034 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.493813992 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.505378008 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.505410910 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.505512953 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.505530119 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.505556107 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.505575895 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.512414932 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.519654989 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.519680023 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.519781113 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.519782066 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.519793987 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.519887924 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.523219109 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.523303032 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.523310900 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.524736881 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.524786949 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.524794102 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.524859905 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.528001070 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.528064013 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.529848099 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.530072927 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.534636974 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.534717083 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.539383888 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.539442062 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.539495945 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.539525986 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.539562941 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.539562941 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.542097092 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.542570114 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.543591976 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.543663025 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.544555902 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.544806004 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.547995090 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.548054934 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.548116922 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.548116922 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.548130035 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.548299074 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.551836014 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.551888943 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.552037954 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.552050114 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.552103996 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.556076050 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.556165934 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.561616898 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.561638117 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.561722994 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.561744928 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.561779976 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.565504074 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.567296028 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.567312956 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.567447901 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.567459106 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.567591906 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.569288015 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.569582939 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.571779966 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.571810961 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.571866035 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.571872950 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.571912050 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.571939945 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.573333979 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.573461056 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.576908112 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.576972961 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.577020884 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.577020884 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.577033043 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.578119993 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.578207970 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.578237057 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.580775976 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.580820084 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.580856085 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.580868006 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.580882072 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.580961943 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.582854033 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.582989931 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.584801912 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.584933996 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.584948063 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.589158058 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.589174986 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.589262962 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.589262962 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.589282990 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.592442989 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.592459917 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.592518091 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.592536926 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.592549086 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.592581987 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.595679045 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.595714092 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.595792055 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.595792055 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.595814943 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.595881939 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.599322081 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.599339008 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.599431038 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.599431038 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.599452972 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.599503040 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.604022980 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.604039907 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.604209900 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.604227066 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.604299068 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.604299068 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.607747078 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.607762098 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.607857943 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.607877970 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.607923031 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.610704899 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.610723972 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.610811949 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.610811949 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.610827923 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.610972881 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.613858938 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.613876104 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.613956928 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.613956928 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.613965988 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.614445925 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.616350889 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.616364956 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.616522074 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.616544962 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.616590023 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.619091988 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.619111061 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.619505882 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.619514942 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.619714975 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.623229980 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.623249054 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.623301983 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.623308897 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.623388052 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.626300097 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.626317978 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.626471043 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.626481056 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.626599073 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.626797915 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.626797915 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.629190922 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.629209042 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.629297018 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.629297018 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.629304886 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.629700899 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.633558989 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.633593082 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.633692026 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.633692026 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.633722067 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.634008884 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.636006117 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.636037111 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.636112928 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.636112928 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.636122942 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.636245012 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.639604092 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.639632940 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.639683962 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.639708996 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.639741898 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.639741898 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.647309065 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:26.651107073 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:26.651133060 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.150511026 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.150530100 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.150634050 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.150640965 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.150778055 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.152333021 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.152357101 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.152447939 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.152447939 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.152456045 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.152502060 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.153891087 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.153908014 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.153996944 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.153996944 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.154004097 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.154129982 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.155811071 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.155858994 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.155869961 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.155888081 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.155910969 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.155949116 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.157272100 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.157293081 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.157382965 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.157390118 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.157466888 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.190927982 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.190952063 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.191082001 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.191097021 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.191150904 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.192526102 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.192545891 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.192624092 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.192631006 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.192641973 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.192683935 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.245990038 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.246026993 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.246098995 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.246115923 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.246170044 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.246170044 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.248826027 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.248859882 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.248941898 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.248955011 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.249013901 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.250818968 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.250840902 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.250952959 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.250963926 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.251008987 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.251791000 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.251815081 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.251996994 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.252006054 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.252063036 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.252995014 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.253021002 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.253103971 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.253113031 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.253211975 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.254216909 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.254242897 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.254316092 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.254316092 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.254323006 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.254369974 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.284905910 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.284934044 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.285029888 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.285051107 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.285162926 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.285162926 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.285928011 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.285948038 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.286029100 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.286037922 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.286089897 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.337778091 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.337804079 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.337898016 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.337913036 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.337934971 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.337964058 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.339545012 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.339569092 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.339668036 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.339668036 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.339677095 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.340130091 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.340607882 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.340626955 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.340843916 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.340853930 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.341007948 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.342722893 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.342746019 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.342869997 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.342879057 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.342945099 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.344329119 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.344357967 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.344448090 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.344456911 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.344516039 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.345227957 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.345251083 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.345817089 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.345827103 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.346091986 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.378690958 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.378714085 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.378823042 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.378839016 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.378887892 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.378887892 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.379745960 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.379765987 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.379868031 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.379877090 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.380006075 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.436698914 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.436728001 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.437045097 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.437060118 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.437151909 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.452227116 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.452256918 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.452322006 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.452332973 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.452363968 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.452378035 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.452745914 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.452763081 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.452944994 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.452951908 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.453084946 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.453685999 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.453701973 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.453807116 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.453813076 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.453864098 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.455507040 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.455523014 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.455611944 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.455611944 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.455619097 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.455787897 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.456691980 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.456717014 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.456788063 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.456788063 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.456794977 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.456932068 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.472532988 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.472567081 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.472635031 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.472650051 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.472704887 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.472704887 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.475497007 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.475517035 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.475629091 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.475629091 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.475642920 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.475689888 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.531068087 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.531105995 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.531306982 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.531306982 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.531337023 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.531434059 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.532910109 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.532932043 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.533049107 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.533065081 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.533147097 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.533801079 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.533824921 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.533885956 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.533891916 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.533948898 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.533950090 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.536153078 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.536175966 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.536283970 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.536290884 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.536348104 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.536839962 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.536865950 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.537051916 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.537058115 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.537122011 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.538115025 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.538136005 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.538204908 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.538211107 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.538259029 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.538259029 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.567045927 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.567068100 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.567178011 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.567194939 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.567398071 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.567676067 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.567701101 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.567838907 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:27.567850113 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:27.567923069 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.071837902 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.071855068 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.071896076 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.071938038 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.071960926 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.071975946 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.072016001 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.072535992 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.072567940 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.072613955 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.072622061 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.072633982 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.072663069 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.075228930 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.075248003 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.075365067 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.075376987 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.075428009 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.076162100 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.076180935 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.076287985 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.076297045 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.076343060 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.077096939 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.077114105 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.077253103 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.077264071 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.077390909 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.078921080 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.078934908 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.079003096 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.079003096 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.079011917 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.079070091 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.079672098 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.079688072 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.079751015 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.079758883 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.079813004 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.080615997 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.080634117 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.080694914 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.080708027 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.081012964 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.081713915 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.081729889 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.690341949 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.690435886 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.691133022 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.691158056 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.691210032 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.691220999 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.691246033 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.691453934 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.692150116 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.692164898 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.692245007 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.692253113 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.692310095 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.693269014 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.693284035 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.693326950 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.693361044 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.693383932 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.693383932 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.693397045 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.693440914 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.693440914 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.694180012 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.694215059 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.694308043 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.694308043 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.694322109 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.694860935 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.694888115 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.694947004 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.694953918 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.695034027 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.695643902 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.695663929 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.695705891 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.695760012 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.695760012 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.695760012 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.695771933 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.695983887 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.697240114 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.697273970 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.697339058 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.697349072 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.697391987 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.697413921 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.698086977 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.698107004 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.698187113 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.698194981 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.698359966 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.698359966 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.699816942 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.699841976 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.699961901 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.699975014 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.700184107 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.700650930 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.700673103 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.701153040 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.701165915 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.701219082 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.702334881 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.702356100 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.702450991 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.702459097 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.702616930 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.704008102 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.704024076 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.704106092 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.704114914 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.704802036 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.704994917 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.705012083 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.705096006 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.705096006 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.705106020 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.705188990 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.707060099 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.707079887 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.707151890 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.707160950 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.707441092 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.707786083 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.707807064 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.707935095 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.707936049 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.707946062 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.708069086 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.756228924 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.756261110 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.756381989 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.756401062 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.757788897 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.757811069 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.757839918 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.757858992 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.757960081 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.757960081 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.759404898 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.759423018 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.759548903 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.759557962 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.760557890 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.760586023 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.760751009 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.760751009 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.760766983 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.761324883 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.762533903 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.762562990 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.762648106 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.762648106 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.762655020 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.763485909 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.763514996 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.763571024 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.763571024 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.763580084 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.763631105 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.765341043 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.765367031 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.765553951 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.765563011 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.765760899 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.766413927 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.766432047 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.766536951 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.766536951 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.766542912 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.766633987 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.851927042 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.851950884 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.852296114 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.852296114 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.852314949 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.852514029 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.854154110 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.854172945 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.854305029 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.854314089 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.854984999 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.855005980 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.855036974 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.855037928 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.855057001 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.855551004 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.855551004 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.855844975 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.855873108 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.856005907 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.856005907 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.856013060 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.856198072 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.857619047 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.857634068 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.857754946 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.857754946 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.857769966 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.858298063 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.858756065 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.858772039 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.858836889 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.858851910 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.859374046 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.860578060 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.860599041 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.861141920 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.861156940 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.861284018 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.861569881 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.861584902 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.861677885 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.861695051 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.861974955 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.951864958 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.951936960 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.951980114 CEST44349750163.181.92.223192.168.2.5
                                      Jul 25, 2024 15:17:28.951983929 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.952013016 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.952045918 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:28.952867031 CEST49750443192.168.2.5163.181.92.223
                                      Jul 25, 2024 15:17:33.585931063 CEST49751443192.168.2.535.185.44.232
                                      Jul 25, 2024 15:18:07.516510010 CEST49763443192.168.2.518.166.250.135
                                      Jul 25, 2024 15:18:07.516561985 CEST4434976318.166.250.135192.168.2.5
                                      Jul 25, 2024 15:18:07.516628981 CEST49763443192.168.2.518.166.250.135
                                      Jul 25, 2024 15:18:07.528743982 CEST49764443192.168.2.5217.197.91.145
                                      Jul 25, 2024 15:18:07.528786898 CEST44349764217.197.91.145192.168.2.5
                                      Jul 25, 2024 15:18:07.528839111 CEST49764443192.168.2.5217.197.91.145
                                      Jul 25, 2024 15:18:07.555139065 CEST49764443192.168.2.5217.197.91.145
                                      Jul 25, 2024 15:18:07.555171013 CEST44349764217.197.91.145192.168.2.5
                                      Jul 25, 2024 15:18:07.555187941 CEST49763443192.168.2.518.166.250.135
                                      Jul 25, 2024 15:18:07.555212021 CEST4434976318.166.250.135192.168.2.5
                                      Jul 25, 2024 15:18:08.230992079 CEST44349764217.197.91.145192.168.2.5
                                      Jul 25, 2024 15:18:08.231134892 CEST49764443192.168.2.5217.197.91.145
                                      Jul 25, 2024 15:18:08.234081984 CEST49764443192.168.2.5217.197.91.145
                                      Jul 25, 2024 15:18:08.234112978 CEST44349764217.197.91.145192.168.2.5
                                      Jul 25, 2024 15:18:08.234416962 CEST44349764217.197.91.145192.168.2.5
                                      Jul 25, 2024 15:18:08.276639938 CEST49764443192.168.2.5217.197.91.145
                                      Jul 25, 2024 15:18:08.610229969 CEST49764443192.168.2.5217.197.91.145
                                      Jul 25, 2024 15:18:08.639070034 CEST4434976318.166.250.135192.168.2.5
                                      Jul 25, 2024 15:18:08.639260054 CEST49763443192.168.2.518.166.250.135
                                      Jul 25, 2024 15:18:08.641339064 CEST49763443192.168.2.518.166.250.135
                                      Jul 25, 2024 15:18:08.641355038 CEST4434976318.166.250.135192.168.2.5
                                      Jul 25, 2024 15:18:08.641624928 CEST4434976318.166.250.135192.168.2.5
                                      Jul 25, 2024 15:18:08.643975019 CEST49763443192.168.2.518.166.250.135
                                      Jul 25, 2024 15:18:08.656501055 CEST44349764217.197.91.145192.168.2.5
                                      Jul 25, 2024 15:18:08.684513092 CEST4434976318.166.250.135192.168.2.5
                                      Jul 25, 2024 15:18:08.846383095 CEST44349764217.197.91.145192.168.2.5
                                      Jul 25, 2024 15:18:08.846410990 CEST44349764217.197.91.145192.168.2.5
                                      Jul 25, 2024 15:18:08.846492052 CEST49764443192.168.2.5217.197.91.145
                                      Jul 25, 2024 15:18:08.846508026 CEST44349764217.197.91.145192.168.2.5
                                      Jul 25, 2024 15:18:08.846662045 CEST49764443192.168.2.5217.197.91.145
                                      Jul 25, 2024 15:18:08.939829111 CEST44349764217.197.91.145192.168.2.5
                                      Jul 25, 2024 15:18:08.939846039 CEST44349764217.197.91.145192.168.2.5
                                      Jul 25, 2024 15:18:08.939871073 CEST44349764217.197.91.145192.168.2.5
                                      Jul 25, 2024 15:18:08.939924955 CEST49764443192.168.2.5217.197.91.145
                                      Jul 25, 2024 15:18:08.939943075 CEST44349764217.197.91.145192.168.2.5
                                      Jul 25, 2024 15:18:08.939960003 CEST44349764217.197.91.145192.168.2.5
                                      Jul 25, 2024 15:18:08.939970970 CEST49764443192.168.2.5217.197.91.145
                                      Jul 25, 2024 15:18:08.940000057 CEST49764443192.168.2.5217.197.91.145
                                      Jul 25, 2024 15:18:08.940812111 CEST49764443192.168.2.5217.197.91.145
                                      Jul 25, 2024 15:18:09.246668100 CEST4434976318.166.250.135192.168.2.5
                                      Jul 25, 2024 15:18:09.246705055 CEST4434976318.166.250.135192.168.2.5
                                      Jul 25, 2024 15:18:09.246861935 CEST49763443192.168.2.518.166.250.135
                                      Jul 25, 2024 15:18:09.246872902 CEST4434976318.166.250.135192.168.2.5
                                      Jul 25, 2024 15:18:09.247450113 CEST49763443192.168.2.518.166.250.135
                                      Jul 25, 2024 15:18:09.440819025 CEST4434976318.166.250.135192.168.2.5
                                      Jul 25, 2024 15:18:09.440834999 CEST4434976318.166.250.135192.168.2.5
                                      Jul 25, 2024 15:18:09.440885067 CEST4434976318.166.250.135192.168.2.5
                                      Jul 25, 2024 15:18:09.440928936 CEST49763443192.168.2.518.166.250.135
                                      Jul 25, 2024 15:18:09.440948009 CEST4434976318.166.250.135192.168.2.5
                                      Jul 25, 2024 15:18:09.440969944 CEST49763443192.168.2.518.166.250.135
                                      Jul 25, 2024 15:18:09.441009045 CEST49763443192.168.2.518.166.250.135
                                      Jul 25, 2024 15:18:09.441548109 CEST49763443192.168.2.518.166.250.135
                                      Jul 25, 2024 15:18:11.764713049 CEST49766443192.168.2.535.185.44.232
                                      Jul 25, 2024 15:18:11.764754057 CEST4434976635.185.44.232192.168.2.5
                                      Jul 25, 2024 15:18:11.764817953 CEST49766443192.168.2.535.185.44.232
                                      Jul 25, 2024 15:18:11.772142887 CEST49767443192.168.2.535.185.44.232
                                      Jul 25, 2024 15:18:11.772186041 CEST4434976735.185.44.232192.168.2.5
                                      Jul 25, 2024 15:18:11.772289991 CEST49767443192.168.2.535.185.44.232
                                      Jul 25, 2024 15:18:11.772495031 CEST49767443192.168.2.535.185.44.232
                                      Jul 25, 2024 15:18:11.772505999 CEST4434976735.185.44.232192.168.2.5
                                      Jul 25, 2024 15:18:11.773890972 CEST49766443192.168.2.535.185.44.232
                                      Jul 25, 2024 15:18:11.773904085 CEST4434976635.185.44.232192.168.2.5
                                      Jul 25, 2024 15:18:12.274534941 CEST4434976735.185.44.232192.168.2.5
                                      Jul 25, 2024 15:18:12.274935007 CEST49767443192.168.2.535.185.44.232
                                      Jul 25, 2024 15:18:12.274966955 CEST4434976735.185.44.232192.168.2.5
                                      Jul 25, 2024 15:18:12.276010036 CEST4434976735.185.44.232192.168.2.5
                                      Jul 25, 2024 15:18:12.276087046 CEST49767443192.168.2.535.185.44.232
                                      Jul 25, 2024 15:18:12.287818909 CEST49767443192.168.2.535.185.44.232
                                      Jul 25, 2024 15:18:12.287915945 CEST4434976735.185.44.232192.168.2.5
                                      Jul 25, 2024 15:18:12.303622961 CEST49767443192.168.2.535.185.44.232
                                      Jul 25, 2024 15:18:12.303637981 CEST4434976735.185.44.232192.168.2.5
                                      Jul 25, 2024 15:18:12.309448957 CEST4434976635.185.44.232192.168.2.5
                                      Jul 25, 2024 15:18:12.309904099 CEST49766443192.168.2.535.185.44.232
                                      Jul 25, 2024 15:18:12.309916973 CEST4434976635.185.44.232192.168.2.5
                                      Jul 25, 2024 15:18:12.310952902 CEST4434976635.185.44.232192.168.2.5
                                      Jul 25, 2024 15:18:12.311023951 CEST49766443192.168.2.535.185.44.232
                                      TimestampSource PortDest PortSource IPDest IP
                                      Jul 25, 2024 15:17:05.121706963 CEST4953053192.168.2.51.1.1.1
                                      Jul 25, 2024 15:17:05.137460947 CEST5368753192.168.2.51.1.1.1
                                      Jul 25, 2024 15:17:05.138478994 CEST5322853192.168.2.51.1.1.1
                                      Jul 25, 2024 15:17:05.140048027 CEST5618053192.168.2.51.1.1.1
                                      Jul 25, 2024 15:17:05.147799015 CEST53495301.1.1.1192.168.2.5
                                      Jul 25, 2024 15:17:05.151341915 CEST53536871.1.1.1192.168.2.5
                                      Jul 25, 2024 15:17:05.151638985 CEST53561801.1.1.1192.168.2.5
                                      Jul 25, 2024 15:17:05.158674002 CEST53532281.1.1.1192.168.2.5
                                      Jul 25, 2024 15:17:07.840617895 CEST4929553192.168.2.51.1.1.1
                                      Jul 25, 2024 15:17:07.927582026 CEST6408253192.168.2.51.1.1.1
                                      Jul 25, 2024 15:17:07.935935020 CEST53640821.1.1.1192.168.2.5
                                      Jul 25, 2024 15:17:08.276521921 CEST53492951.1.1.1192.168.2.5
                                      Jul 25, 2024 15:17:24.013842106 CEST6511453192.168.2.51.1.1.1
                                      Jul 25, 2024 15:17:24.200264931 CEST53651141.1.1.1192.168.2.5
                                      Jul 25, 2024 15:17:26.311145067 CEST6530953192.168.2.51.1.1.1
                                      Jul 25, 2024 15:17:26.404793978 CEST53653091.1.1.1192.168.2.5
                                      Jul 25, 2024 15:18:07.489098072 CEST6546353192.168.2.51.1.1.1
                                      Jul 25, 2024 15:18:07.507283926 CEST53654631.1.1.1192.168.2.5
                                      Jul 25, 2024 15:18:07.516571045 CEST5618153192.168.2.51.1.1.1
                                      Jul 25, 2024 15:18:07.528131962 CEST53561811.1.1.1192.168.2.5
                                      Jul 25, 2024 15:18:11.317214966 CEST5384853192.168.2.51.1.1.1
                                      Jul 25, 2024 15:18:11.317614079 CEST5310453192.168.2.51.1.1.1
                                      Jul 25, 2024 15:18:11.318504095 CEST5219553192.168.2.51.1.1.1
                                      Jul 25, 2024 15:18:11.655781984 CEST53521951.1.1.1192.168.2.5
                                      Jul 25, 2024 15:18:11.706398964 CEST53531041.1.1.1192.168.2.5
                                      Jul 25, 2024 15:18:11.763910055 CEST53538481.1.1.1192.168.2.5
                                      Jul 25, 2024 15:18:15.036781073 CEST5794453192.168.2.51.1.1.1
                                      Jul 25, 2024 15:18:15.037084103 CEST6302053192.168.2.51.1.1.1
                                      Jul 25, 2024 15:18:15.037959099 CEST5284053192.168.2.51.1.1.1
                                      Jul 25, 2024 15:18:15.038254976 CEST5326653192.168.2.51.1.1.1
                                      Jul 25, 2024 15:18:15.043896914 CEST53579441.1.1.1192.168.2.5
                                      Jul 25, 2024 15:18:15.044002056 CEST53630201.1.1.1192.168.2.5
                                      Jul 25, 2024 15:18:15.044960022 CEST53528401.1.1.1192.168.2.5
                                      Jul 25, 2024 15:18:15.045356035 CEST53532661.1.1.1192.168.2.5
                                      Jul 25, 2024 15:18:16.202941895 CEST6456153192.168.2.51.1.1.1
                                      Jul 25, 2024 15:18:16.209388018 CEST5609553192.168.2.51.1.1.1
                                      Jul 25, 2024 15:18:16.209999084 CEST5634253192.168.2.51.1.1.1
                                      Jul 25, 2024 15:18:16.900748968 CEST53560951.1.1.1192.168.2.5
                                      Jul 25, 2024 15:18:16.900762081 CEST53563421.1.1.1192.168.2.5
                                      Jul 25, 2024 15:18:17.215337038 CEST5811353192.168.2.51.1.1.1
                                      Jul 25, 2024 15:18:17.370878935 CEST53645611.1.1.1192.168.2.5
                                      Jul 25, 2024 15:18:17.580503941 CEST53581131.1.1.1192.168.2.5
                                      Jul 25, 2024 15:18:20.252326012 CEST6404553192.168.2.51.1.1.1
                                      Jul 25, 2024 15:18:20.535438061 CEST53640451.1.1.1192.168.2.5
                                      Jul 25, 2024 15:18:38.570329905 CEST6161853192.168.2.51.1.1.1
                                      Jul 25, 2024 15:18:38.578553915 CEST53616181.1.1.1192.168.2.5
                                      Jul 25, 2024 15:18:49.214260101 CEST4915453192.168.2.51.1.1.1
                                      Jul 25, 2024 15:18:49.231856108 CEST5446153192.168.2.51.1.1.1
                                      Jul 25, 2024 15:18:49.249301910 CEST53544611.1.1.1192.168.2.5
                                      Jul 25, 2024 15:18:49.586570024 CEST53491541.1.1.1192.168.2.5
                                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                      Jul 25, 2024 15:17:05.121706963 CEST | 192.168.2.5 | 1.1.1.1 | 0x387a | Standard query (0) | dev.azure.com | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:05.137460947 CEST | 192.168.2.5 | 1.1.1.1 | 0xa489 | Standard query (0) | github.com | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:05.138478994 CEST | 192.168.2.5 | 1.1.1.1 | 0x7a5d | Standard query (0) | war3tools.github.io | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:05.140048027 CEST | 192.168.2.5 | 1.1.1.1 | 0x970d | Standard query (0) | master.dl.sourceforge.net | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:07.840617895 CEST | 192.168.2.5 | 1.1.1.1 | 0x78c9 | Standard query (0) | war3tools.suyx.net | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:07.927582026 CEST | 192.168.2.5 | 1.1.1.1 | 0x1100 | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:24.013842106 CEST | 192.168.2.5 | 1.1.1.1 | 0xd240 | Standard query (0) | nim-nosdn.netease.im | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:26.311145067 CEST | 192.168.2.5 | 1.1.1.1 | 0x2988 | Standard query (0) | googleads.g.doubleclick.net | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:07.489098072 CEST | 192.168.2.5 | 1.1.1.1 | 0x41a5 | Standard query (0) | gitea.com | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:07.516571045 CEST | 192.168.2.5 | 1.1.1.1 | 0x6589 | Standard query (0) | codeberg.org | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:11.317214966 CEST | 192.168.2.5 | 1.1.1.1 | 0x6035 | Standard query (0) | war3tools.suyx.net | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:11.317614079 CEST | 192.168.2.5 | 1.1.1.1 | 0xa435 | Standard query (0) | war3tools.suyx.net | 65 | IN (0x0001) | false
                                      Jul 25, 2024 15:18:11.318504095 CEST | 192.168.2.5 | 1.1.1.1 | 0x82b6 | Standard query (0) | war3tools.suyx.net | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:15.036781073 CEST | 192.168.2.5 | 1.1.1.1 | 0x7240 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:15.037084103 CEST | 192.168.2.5 | 1.1.1.1 | 0xe5cc | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
                                      Jul 25, 2024 15:18:15.037959099 CEST | 192.168.2.5 | 1.1.1.1 | 0xe053 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:15.038254976 CEST | 192.168.2.5 | 1.1.1.1 | 0xdd67 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
                                      Jul 25, 2024 15:18:16.202941895 CEST | 192.168.2.5 | 1.1.1.1 | 0xa0e3 | Standard query (0) | war3tools.suyx.net | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:16.209388018 CEST | 192.168.2.5 | 1.1.1.1 | 0x7004 | Standard query (0) | googleads.g.doubleclick.net | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:16.209999084 CEST | 192.168.2.5 | 1.1.1.1 | 0x6f01 | Standard query (0) | googleads.g.doubleclick.net | 65 | IN (0x0001) | false
                                      Jul 25, 2024 15:18:17.215337038 CEST | 192.168.2.5 | 1.1.1.1 | 0x19a5 | Standard query (0) | war3tools.suyx.net | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:20.252326012 CEST | 192.168.2.5 | 1.1.1.1 | 0x34d4 | Standard query (0) | war3tools.gitlab.io | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:38.570329905 CEST | 192.168.2.5 | 1.1.1.1 | 0x6003 | Standard query (0) | api.bilibili.com | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:49.214260101 CEST | 192.168.2.5 | 1.1.1.1 | 0xcde6 | Standard query (0) | visitor-badge.laobi.icu | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:49.231856108 CEST | 192.168.2.5 | 1.1.1.1 | 0x2aa8 | Standard query (0) | hits.dwyl.com | A (IP address) | IN (0x0001) | false
                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                      Jul 25, 2024 15:17:05.147799015 CEST | 1.1.1.1 | 192.168.2.5 | 0x387a | No error (0) | dev.azure.com |  | 13.107.42.20 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:05.151341915 CEST | 1.1.1.1 | 192.168.2.5 | 0xa489 | No error (0) | github.com |  | 140.82.121.4 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:05.151638985 CEST | 1.1.1.1 | 192.168.2.5 | 0x970d | No error (0) | master.dl.sourceforge.net |  | 216.105.38.12 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:05.158674002 CEST | 1.1.1.1 | 192.168.2.5 | 0x7a5d | No error (0) | war3tools.github.io |  | 185.199.108.153 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:05.158674002 CEST | 1.1.1.1 | 192.168.2.5 | 0x7a5d | No error (0) | war3tools.github.io |  | 185.199.111.153 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:05.158674002 CEST | 1.1.1.1 | 192.168.2.5 | 0x7a5d | No error (0) | war3tools.github.io |  | 185.199.110.153 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:05.158674002 CEST | 1.1.1.1 | 192.168.2.5 | 0x7a5d | No error (0) | war3tools.github.io |  | 185.199.109.153 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:07.935935020 CEST | 1.1.1.1 | 192.168.2.5 | 0x1100 | No error (0) | raw.githubusercontent.com |  | 185.199.110.133 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:07.935935020 CEST | 1.1.1.1 | 192.168.2.5 | 0x1100 | No error (0) | raw.githubusercontent.com |  | 185.199.109.133 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:07.935935020 CEST | 1.1.1.1 | 192.168.2.5 | 0x1100 | No error (0) | raw.githubusercontent.com |  | 185.199.111.133 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:07.935935020 CEST | 1.1.1.1 | 192.168.2.5 | 0x1100 | No error (0) | raw.githubusercontent.com |  | 185.199.108.133 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:08.276521921 CEST | 1.1.1.1 | 192.168.2.5 | 0x78c9 | No error (0) | war3tools.suyx.net | war3tools.gitlab.io |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:08.276521921 CEST | 1.1.1.1 | 192.168.2.5 | 0x78c9 | No error (0) | war3tools.gitlab.io |  | 35.185.44.232 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:24.200264931 CEST | 1.1.1.1 | 192.168.2.5 | 0xd240 | No error (0) | nim-nosdn.netease.im | nim-nosdn.netease.im.163jiasu.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:24.200264931 CEST | 1.1.1.1 | 192.168.2.5 | 0xd240 | No error (0) | nim-nosdn.netease.im.163jiasu.com | nim-nosdn.netease.im.w.kunluncan.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:24.200264931 CEST | 1.1.1.1 | 192.168.2.5 | 0xd240 | No error (0) | nim-nosdn.netease.im.w.kunluncan.com |  | 163.181.92.223 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:24.200264931 CEST | 1.1.1.1 | 192.168.2.5 | 0xd240 | No error (0) | nim-nosdn.netease.im.w.kunluncan.com |  | 163.181.92.239 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:24.200264931 CEST | 1.1.1.1 | 192.168.2.5 | 0xd240 | No error (0) | nim-nosdn.netease.im.w.kunluncan.com |  | 163.181.92.240 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:24.200264931 CEST | 1.1.1.1 | 192.168.2.5 | 0xd240 | No error (0) | nim-nosdn.netease.im.w.kunluncan.com |  | 163.181.92.241 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:24.200264931 CEST | 1.1.1.1 | 192.168.2.5 | 0xd240 | No error (0) | nim-nosdn.netease.im.w.kunluncan.com |  | 163.181.92.243 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:24.200264931 CEST | 1.1.1.1 | 192.168.2.5 | 0xd240 | No error (0) | nim-nosdn.netease.im.w.kunluncan.com |  | 163.181.92.245 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:24.200264931 CEST | 1.1.1.1 | 192.168.2.5 | 0xd240 | No error (0) | nim-nosdn.netease.im.w.kunluncan.com |  | 163.181.92.246 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:24.200264931 CEST | 1.1.1.1 | 192.168.2.5 | 0xd240 | No error (0) | nim-nosdn.netease.im.w.kunluncan.com |  | 163.181.92.249 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:17:26.404793978 CEST | 1.1.1.1 | 192.168.2.5 | 0x2988 | No error (0) | googleads.g.doubleclick.net |  | 172.217.16.194 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:07.507283926 CEST | 1.1.1.1 | 192.168.2.5 | 0x41a5 | No error (0) | gitea.com |  | 18.166.250.135 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:07.528131962 CEST | 1.1.1.1 | 192.168.2.5 | 0x6589 | No error (0) | codeberg.org |  | 217.197.91.145 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:11.655781984 CEST | 1.1.1.1 | 192.168.2.5 | 0x82b6 | No error (0) | war3tools.suyx.net | war3tools.gitlab.io |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:11.655781984 CEST | 1.1.1.1 | 192.168.2.5 | 0x82b6 | No error (0) | war3tools.gitlab.io |  | 35.185.44.232 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:11.706398964 CEST | 1.1.1.1 | 192.168.2.5 | 0xa435 | No error (0) | war3tools.suyx.net | war3tools.gitlab.io |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:11.763910055 CEST | 1.1.1.1 | 192.168.2.5 | 0x6035 | No error (0) | war3tools.suyx.net | war3tools.gitlab.io |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:11.763910055 CEST | 1.1.1.1 | 192.168.2.5 | 0x6035 | No error (0) | war3tools.gitlab.io |  | 35.185.44.232 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:15.043896914 CEST | 1.1.1.1 | 192.168.2.5 | 0x7240 | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:15.043896914 CEST | 1.1.1.1 | 192.168.2.5 | 0x7240 | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:15.044002056 CEST | 1.1.1.1 | 192.168.2.5 | 0xe5cc | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
                                      Jul 25, 2024 15:18:15.044960022 CEST | 1.1.1.1 | 192.168.2.5 | 0xe053 | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:15.044960022 CEST | 1.1.1.1 | 192.168.2.5 | 0xe053 | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:15.045356035 CEST | 1.1.1.1 | 192.168.2.5 | 0xdd67 | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
                                      Jul 25, 2024 15:18:16.900748968 CEST | 1.1.1.1 | 192.168.2.5 | 0x7004 | No error (0) | googleads.g.doubleclick.net |  | 216.58.206.66 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:16.900762081 CEST | 1.1.1.1 | 192.168.2.5 | 0x6f01 | No error (0) | googleads.g.doubleclick.net |  |  | 65 | IN (0x0001) | false
                                      Jul 25, 2024 15:18:17.370878935 CEST | 1.1.1.1 | 192.168.2.5 | 0xa0e3 | No error (0) | war3tools.suyx.net | war3tools.gitlab.io |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:17.370878935 CEST | 1.1.1.1 | 192.168.2.5 | 0xa0e3 | No error (0) | war3tools.gitlab.io |  | 35.185.44.232 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:17.580503941 CEST | 1.1.1.1 | 192.168.2.5 | 0x19a5 | No error (0) | war3tools.suyx.net | war3tools.gitlab.io |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:17.580503941 CEST | 1.1.1.1 | 192.168.2.5 | 0x19a5 | No error (0) | war3tools.gitlab.io |  | 35.185.44.232 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:20.535438061 CEST | 1.1.1.1 | 192.168.2.5 | 0x34d4 | No error (0) | war3tools.gitlab.io |  | 35.185.44.232 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:38.578553915 CEST | 1.1.1.1 | 192.168.2.5 | 0x6003 | No error (0) | api.bilibili.com | a.w.bilicdn1.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:38.578553915 CEST | 1.1.1.1 | 192.168.2.5 | 0x6003 | No error (0) | a.w.bilicdn1.com | i.w.bilicdn1.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:38.578553915 CEST | 1.1.1.1 | 192.168.2.5 | 0x6003 | No error (0) | i.w.bilicdn1.com |  | 148.153.35.66 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:38.578553915 CEST | 1.1.1.1 | 192.168.2.5 | 0x6003 | No error (0) | i.w.bilicdn1.com |  | 148.153.34.154 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:49.249301910 CEST | 1.1.1.1 | 192.168.2.5 | 0x2aa8 | No error (0) | hits.dwyl.com |  | 172.67.187.145 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:49.249301910 CEST | 1.1.1.1 | 192.168.2.5 | 0x2aa8 | No error (0) | hits.dwyl.com |  | 104.21.7.133 | A (IP address) | IN (0x0001) | false
                                      Jul 25, 2024 15:18:49.586570024 CEST | 1.1.1.1 | 192.168.2.5 | 0xcde6 | No error (0) | visitor-badge.laobi.icu |  | 119.28.77.158 | A (IP address) | IN (0x0001) | false
                                      • dev.azure.com
                                      • github.com
                                      • war3tools.github.io
                                      • master.dl.sourceforge.net
                                      • raw.githubusercontent.com
                                      • war3tools.suyx.net
                                      • nim-nosdn.netease.im
                                      • codeberg.org
                                      • gitea.com
                                      • war3tools.gitlab.io
                                      • api.bilibili.com
                                      • https:
                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      0 | 192.168.2.5 | 49738 | 13.107.42.20 | 443 | 5532 | C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-07-25 13:17:07 UTC | 191 | OUT | GET /war3tools/9b91b8fa-37b4-449c-8b69-5f281377e2fb/_apis/git/repositories/5bda583c-2292-4cc4-8c71-78b44a037995/items?path=/README.md HTTP/1.1
                                      Host: dev.azure.com
                                      Connection: Keep-Alive
                                      2024-07-25 13:17:07 UTC | 1474 | IN | HTTP/1.1 200 OK
                                      Cache-Control: no-cache, no-store, must-revalidate
                                      Pragma: no-cache
                                      Content-Length: 19742
                                      Content-Type: application/octet-stream; api-version=7.1
                                      Expires: -1
                                      P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
                                      Set-Cookie: VstsSession=%7B%22PersistentSessionId%22%3A%226556e0c1-b2ee-4378-98c1-e11bef78a6e1%22%2C%22PendingAuthenticationSessionId%22%3A%2200000000-0000-0000-0000-000000000000%22%2C%22CurrentAuthenticationSessionId%22%3A%2200000000-0000-0000-0000-000000000000%22%2C%22SignInState%22%3A%7B%7D%7D; domain=.dev.azure.com; expires=Fri, 25-Jul-2025 13:17:07 GMT; path=/; secure; HttpOnly
                                      X-TFS-ProcessId: 27575c14-a926-455e-b719-b7c8dc68d335
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                                      ActivityId: ce62636c-651d-44e2-9d43-5d60d45537d7
                                      X-TFS-Session: ce62636c-651d-44e2-9d43-5d60d45537d7
                                      X-VSS-E2EID: ce62636c-651d-44e2-9d43-5d60d45537d7
                                      X-VSS-SenderDeploymentId: f466e928-5898-edb4-7123-84c15666043f
                                      X-FRAME-OPTIONS: SAMEORIGIN
                                      Content-Disposition: attachment; filename=README.md; filename*=utf-8''README.md
                                      Request-Context: appId=cid-v1:ba8cca98-f9cc-4f08-a334-706ff8d04ac6
                                      Access-Control-Expose-Headers: Request-Context
                                      X-Content-Type-Options: nosniff
                                      X-Cache: CONFIG_NOCACHE
                                      X-MSEdge-Ref: Ref A: EA7C285601DD487A88E1732E8F476FB4 Ref B: EWR30EDGE1015 Ref C: 2024-07-25T13:17:07Z
                                      Date: Thu, 25 Jul 2024 13:17:07 GMT
                                      Connection: close
                                      2024-07-25 13:17:07 UTC | 2722 | IN | Data Ascii: ### * https://war3tools.gitlab.io* Gitlab https://gitlab.com/war3tools/war3tools.gitlab.io### * ![](https://gitlab.com/war3tools/war3tools.gitlab.io/-/raw/main/public/images/SuWar3Tools.png "")*
                                      2024-07-25 13:17:07 UTC | 1374 | IN | Data Ascii: `**### * [https://www.megadisk.net/cloud11/index.php/s/Yvt5smhuda8vxAn](https://www.megadisk.net/cloud11/index.php/s/Yvt5smhuda8vxAn) [https://e.pcloud.link/publink/show?code=kZuPfnZPMNuop5GahSHaMcaSxbojp7AXIFX](https://e.pcl
                                      2024-07-25 13:17:07 UTC | 4096 | IN | Data Ascii: + * [v2.1.1.154] + WFE1.261.27 + + +
                                      2024-07-25 13:17:07 UTC | 4096 | IN | Data Ascii: + + Esc + * [v2.1.0.146] + +
                                      2024-07-25 13:17:08 UTC | 4096 | IN | Data Ascii: (1.22-1.28)* [v2.1.0.136] + 1.30+* [v2.1.0.135] + + * [v2.1.0.134]


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      1 | 192.168.2.5 | 49737 | 140.82.121.4 | 443 | 5532 | C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-07-25 13:17:07 UTC | 115 | OUT | GET /war3tools/war3tools.github.io/raw/master/docs/README.md HTTP/1.1
                                      Host: github.com
                                      Connection: Keep-Alive
                                      2024-07-25 13:17:07 UTC | 566 | IN | HTTP/1.1 302 Found
                                      Server: GitHub.com
                                      Date: Thu, 25 Jul 2024 13:17:07 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                      Access-Control-Allow-Origin:
                                      Location: https://raw.githubusercontent.com/war3tools/war3tools.github.io/master/docs/README.md
                                      Cache-Control: no-cache
                                      Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                      X-Frame-Options: deny
                                      X-Content-Type-Options: nosniff
                                      X-XSS-Protection: 0
                                      Referrer-Policy: no-referrer-when-downgrade
                                      2024-07-25 13:17:07 UTC | 3107 | IN | Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      2 | 192.168.2.5 | 49739 | 185.199.108.153 | 443 | 5532 | C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-07-25 13:17:07 UTC | 78 | OUT | GET /README.md HTTP/1.1
                                      Host: war3tools.github.io
                                      Connection: Keep-Alive
                                      2024-07-25 13:17:07 UTC | 582 | IN | HTTP/1.1 301 Moved Permanently
                                      Connection: close
                                      Content-Length: 162
                                      Server: GitHub.com
                                      Content-Type: text/html
                                      permissions-policy: interest-cohort=()
                                      Location: https://war3tools.suyx.net/README.md
                                      x-hosts-log-append: pages_hosts_ips:
                                      X-GitHub-Request-Id: AD5F:9D286:88D140:A43323:66A25052
                                      Accept-Ranges: bytes
                                      Age: 0
                                      Date: Thu, 25 Jul 2024 13:17:07 GMT
                                      Via: 1.1 varnish
                                      X-Served-By: cache-nyc-kteb1890089-NYC
                                      X-Cache: MISS
                                      X-Cache-Hits: 0
                                      X-Timer: S1721913427.308072,VS0,VE13
                                      Vary: Accept-Encoding
                                      X-Fastly-Request-ID: c72a18faaa04f78071fb972661a7aa413976d8f2
                                      2024-07-25 13:17:07 UTC | 162 | IN | Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      3 | 192.168.2.5 | 49736 | 216.105.38.12 | 443 | 5532 | C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-07-25 13:17:07 UTC | 110 | OUT | GET /project/war3tools/README.md?viasf=1 HTTP/1.1
                                      Host: master.dl.sourceforge.net
                                      Connection: Keep-Alive
                                      2024-07-25 13:17:07 UTC | 222 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Thu, 25 Jul 2024 13:17:07 GMT
                                      Content-Type: application/octet-stream
                                      Content-Length: 19742
                                      Connection: close
                                      last-modified: Wed, 05 Jun 2024 09:45:01 GMT
                                      etag: "6660339d-4d1e"
                                      2024-07-25 13:17:07 UTC | 3874 | IN | Data Ascii: ### * https://war3tools.gitlab.io* Gitlab https://gitlab.com/war3tools/war3tools.gitlab.io### * ![](https://gitlab.com/war3tools/war3tools.gitlab.io/-/raw/main/public/images/SuWar3Tools.png "")*
                                      2024-07-25 13:17:07 UTC | 4096 | IN | Data Ascii: https://war3tools.gitlab.io + + + Alt+ +
                                      2024-07-25 13:17:07 UTC | 4096 | IN | Data Ascii: Gitlab + War3 + + +
                                      2024-07-25 13:17:07 UTC | 4096 | IN | Data Ascii: () + ()* [v2.1.0.137] + () +
                                      2024-07-25 13:17:07 UTC | 3580 | IN


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      4 | 192.168.2.5 | 49740 | 185.199.110.133 | 443 | 5532 | C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-07-25 13:17:08 UTC | 126 | OUT | GET /war3tools/war3tools.github.io/master/docs/README.md HTTP/1.1
                                      Host: raw.githubusercontent.com
                                      Connection: Keep-Alive
                                      2024-07-25 13:17:08 UTC | 900 | IN | HTTP/1.1 200 OK
                                      Connection: close
                                      Content-Length: 18955
                                      Cache-Control: max-age=300
                                      Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                      Content-Type: text/plain; charset=utf-8
                                      ETag: "67d326fc1d0162834d9342568b1721fdc6dc31ac8508f3627599faad605cd49e"
                                      Strict-Transport-Security: max-age=31536000
                                      X-Content-Type-Options: nosniff
                                      X-Frame-Options: deny
                                      X-XSS-Protection: 1; mode=block
                                      X-GitHub-Request-Id: 879B:ED0E7:684620:73B016:66A25051
                                      Accept-Ranges: bytes
                                      Date: Thu, 25 Jul 2024 13:17:08 GMT
                                      Via: 1.1 varnish
                                      X-Served-By: cache-nyc-kteb1890093-NYC
                                      X-Cache: MISS
                                      X-Cache-Hits: 0
                                      X-Timer: S1721913429.616483,VS0,VE56
                                      Vary: Authorization,Accept-Encoding,Origin
                                      Access-Control-Allow-Origin: *
                                      Cross-Origin-Resource-Policy: cross-origin
                                      X-Fastly-Request-ID: 1b7dd8af19a01db5ac1c87df15661521fa5095db
                                      Expires: Thu, 25 Jul 2024 13:22:08 GMT
                                      Source-Age: 0
                                      2024-07-25 13:17:08 UTC | 1378 | IN | Data Ascii: ### * https://war3tools.github.io* Github https://github.com/war3tools/war3tools.github.io* ![HitCount](https://hits.dwyl.com/war3tools/war3tools.github.io.svg)### * ![](./images/SuWar3Tools.png "
                                      2024-07-25 13:17:08 UTC | 1378 | IN | Data Ascii: 1.20~1.27 **`()`*** [Others/AdvancedCodeDemo/README.md](https://gi
                                      2024-07-25 13:17:08 UTC | 1378 | IN | Data Ascii: .pcloud.link/publink/show?code=kZuPfnZPMNuop5GahSHaMcaSxbojp7AXIFX](https://e.pcloud.link/publink/show?code=kZuPfnZPMNuop5GahSHaMcaSxbojp7AXIFX) [https://www.megadisk.net/cloud11/index.php/s/Yvt5smhuda8vxAn](https://www.megadisk.net/cloud11/index.php/s
                                      2024-07-25 13:17:08 UTC | 1378 | IN | Data Ascii: + * [v2.1.1.152] + + HttpHttp +
                                      2024-07-25 13:17:08 UTC | 1378 | IN | Data Ascii: + + + +
                                      2024-07-25 13:17:08 UTC | 1378 | IN | Data Ascii: c + +
                                      2024-07-25 13:17:08 UTC | 1378 | IN | Data Ascii: 9* [v2.1.0.145] + 1.30+Bug + + (
                                      2024-07-25 13:17:08 UTC | 1378 | IN | Data Ascii: () + + (IMBA)() + ()
                                      2024-07-25 13:17:08 UTC | 1378 | IN | Data Ascii: * [v2.1.0.139] + + +
                                      2024-07-25 13:17:08 UTC | 1378 | IN | Data Ascii: * [v2.1.0.133] + [D]Ctrl+Shift+D + 1.30+* [v2.1.0.132] + +


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      5 | 192.168.2.5 | 49741 | 35.185.44.232 | 443 | 5532 | C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-07-25 13:17:08 UTC | 77 | OUT | GET /README.md HTTP/1.1
                                      Host: war3tools.suyx.net
                                      Connection: Keep-Alive
                                      2024-07-25 13:17:09 UTC | 384 | IN | HTTP/1.1 200 OK
                                      Cache-Control: max-age=600
                                      Content-Length: 19531
                                      Content-Type: text/markdown; charset=utf-8
                                      Etag: "bb2d341eb32d28c343cbcfdbb3d182283e3ee6df5777e8b68e5712522774e521"
                                      Expires: Thu, 25 Jul 2024 13:27:09 UTC
                                      Last-Modified: Wed, 05 Jun 2024 09:43:42 GMT
                                      Permissions-Policy: interest-cohort=()
                                      Vary: Origin
                                      Date: Thu, 25 Jul 2024 13:17:09 GMT
                                      Connection: close
                                      2024-07-25 13:17:09 UTC | 802 | IN | Data Ascii: ### * https://war3tools.gitlab.io* Gitlab https://gitlab.com/war3tools/war3tools.gitlab.io### * ![](https://gitlab.com/war3tools/war3tools.gitlab.io/-/raw/main/public/images/SuWar3Tools.png "")*
                                      2024-07-25 13:17:09 UTC | 2372 | IN | Data Ascii: + + Ctrl+ + 360*
                                      2024-07-25 13:17:09 UTC | 538 | IN | Data Ascii: /folder/79ed1b38-26b8-4cbc-818e-5687b072eb1f/c0c84fdce9486632690de15d1e08b94f209350c29967cfc65e3c874f6bb6b7cb) [https://sourceforge.net/projects/war3tools/files/](https://sourceforge.net/projects/war3tools/files/)*
                                      2024-07-25 13:17:09 UTC | 4744 | IN | Data Ascii: ### * [v2.1.1.155] + https://war3tools.gitlab.io + +
                                      2024-07-25 13:17:09 UTC | 5930 | IN | Data Ascii: * [v2.1.0.145] + 1.30+Bug + + () +
                                      2024-07-25 13:17:09 UTC | 5145 | IN


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      6 | 192.168.2.5 | 49743 | 35.185.44.232 | 443 | 5532 | C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-07-25 13:17:17 UTC | 400 | OUT | GET /ad/header.html HTTP/1.1
                                      Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
                                      Accept-Language: en-CH
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                      Accept-Encoding: gzip, deflate
                                      Host: war3tools.suyx.net
                                      Connection: Keep-Alive
                                      2024-07-25 13:17:17 UTC | 379 | IN | HTTP/1.1 200 OK
                                      Cache-Control: max-age=600
                                      Content-Length: 1888
                                      Content-Type: text/html; charset=utf-8
                                      Etag: "bb2d341eb32d28c343cbcfdbb3d182283e3ee6df5777e8b68e5712522774e521"
                                      Expires: Thu, 25 Jul 2024 13:27:17 UTC
                                      Last-Modified: Wed, 05 Jun 2024 09:43:42 GMT
                                      Permissions-Policy: interest-cohort=()
                                      Vary: Origin
                                      Date: Thu, 25 Jul 2024 13:17:17 GMT
                                      Connection: close
                                      2024-07-25 13:17:17 UTC | 807 | IN | Data Ascii: <!DOCTYPE html><head> <title>3SuWar3Tools</title> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="description" content="3SuWar3Tools"> <meta name="keywords
                                      2024-07-25 13:17:17 UTC | 1081 | IN | Data Ascii: 61\0072\0033\0054\006f\006f\006c\0073\ahttps://war3tools.gitlab.io'; white-space: pre; display: flex; justify-content: center; align-items: center; height: 100%; color: #34495e; font-size: 1.6rem; text-decor


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      7 | 192.168.2.5 | 49750 | 163.181.92.223 | 443 | 5532 | C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-07-25 13:17:24 UTC | 273 | OUT | GET /MjYxNDkzNzE=/bmltYV8yMjI3ODcyNTc0NTBfMTcxNzU3NjMyMTQzNV9iM2Q4ZmJjZC02ZjNkLTRiM2YtYTM1NS1iNjIyODI3MzJiOGI=?download=SuWar3Tools.zip&randomtime=638574961174603590 HTTP/1.1
                                      Host: nim-nosdn.netease.im
                                      Cache-Control: no-cache
                                      Pragma: no-cache
                                      Connection: Keep-Alive
                                      2024-07-25 13:17:25 UTC  1174  IN  HTTP/1.1 200 OK
                                      Server: Tengine
                                      Content-Type: application/octet-stream
                                      Content-Length: 4041269
                                      Connection: close
                                      Date: Thu, 25 Jul 2024 13:17:25 GMT
                                      Content-Disposition: attachment; filename="SuWar3Tools.zip"; filename*=UTF-8''SuWar3Tools.zip
                                      Etag: b6e72b4ebfccb3b2689a52c9956c08e2-1
                                      Last-Modified: Wed, 05 Jun 2024 16:32:02 Asia/Shanghai
                                      X-Nos-Object-Name: MjYxNDkzNzE%3D%2FbmltYV8yMjI3ODcyNTc0NTBfMTcxNzU3NjMyMTQzNV9iM2Q4ZmJjZC02ZjNkLTRiM2YtYTM1NS1iNjIyODI3MzJiOGI%3D
                                      X-Nos-Request-Id: 5fa940b1-cbba-4f21-839d-abc3448ba45e
                                      X-Nos-Requesttype: GetObject
                                      X-Nos-Storage-Class: STANDARD
                                      Via: cache17.l2st3-1[232,231,200-0,M], cache28.l2st3-1[233,0], cache20.l2sg2[268,268,200-0,M], cache27.l2sg2[269,0], cache15.l2de2[449,449,200-0,M], cache6.l2de2[451,0], ens-cache15.de5[454,453,200-0,M], ens-cache16.de5[455,0]
                                      Ali-Swift-Global-Savetime: 1721913445
                                      X-Cache: MISS TCP_MISS dirn:-2:-2
                                      X-Swift-SaveTime: Thu, 25 Jul 2024 13:17:25 GMT
                                      X-Swift-CacheTime: 604800
                                      cdn-user-ip: 8.46.123.33
                                      cdnfrom: Ali
                                      cdn-ip: 163.181.92.223
                                      Access-Control-Allow-Methods: GET,POST
                                      Access-Control-Allow-Origin: *
                                      Timing-Allow-Origin: *
                                      EagleId: a3b55ca417219134451294945e


                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                      8           192.168.2.5  49764        217.197.91.145  443               6472  C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      Timestamp  Bytes transferred  Direction  Data
                                      2024-07-25 13:18:08 UTC  109  OUT  GET /war3tools/war3tools/raw/branch/master/README.md HTTP/1.1
                                      Host: codeberg.org
                                      Connection: Keep-Alive
                                      2024-07-25 13:18:08 UTC  834  IN  HTTP/1.1 200 OK
                                      access-control-expose-headers: Content-Disposition
                                      cache-control: private, max-age=300
                                      content-disposition: inline; filename="README.md"; filename*=UTF-8''README.md
                                      content-length: 19742
                                      content-type: text/plain; charset=utf-8
                                      etag: "243aa49e5edb40b99ad1e119e19b2c51dce85a64"
                                      last-modified: Wed, 05 Jun 2024 09:59:42 GMT
                                      set-cookie: i_like_gitea=58504a77a38e2ebf; Path=/; HttpOnly; Secure; SameSite=Lax; Secure; SameSite=Lax
                                      set-cookie: _csrf=VsZgLLs2UXwoI8g4I9mAQk2Lm9U6MTcyMTkxMzQ4ODcxOTE0ODQ0NA; Path=/; Max-Age=86400; HttpOnly; Secure; SameSite=Lax; Secure; SameSite=Lax
                                      date: Thu, 25 Jul 2024 13:18:08 GMT
                                      strict-transport-security: max-age=63072000; includeSubDomains; preload
                                      permissions-policy: interest-cohort=()
                                      x-frame-options: sameorigin
                                      x-content-type-options: nosniff
                                      connection: close
                                      2024-07-25 13:18:08 UTC  3438  IN  Data Ascii: ### * https://war3tools.gitlab.io* Gitlab https://gitlab.com/war3tools/war3tools.gitlab.io### * ![](https://gitlab.com/war3tools/war3tools.gitlab.io/-/raw/main/public/images/SuWar3Tools.png "")*
                                      2024-07-25 13:18:08 UTC  16304  IN  Data Ascii: .net4.6.1 https://dotnet.microsoft.com/download/thank-you/net461-offline* Bug war3tools@outlook.com


                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                      9           192.168.2.5  49763        18.166.250.135  443               6472  C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      Timestamp  Bytes transferred  Direction  Data
                                      2024-07-25 13:18:08 UTC  106  OUT  GET /war3tools/war3tools/raw/branch/master/README.md HTTP/1.1
                                      Host: gitea.com
                                      Connection: Keep-Alive
                                      2024-07-25 13:18:09 UTC  692  IN  HTTP/1.1 200 OK
                                      Date: Thu, 25 Jul 2024 13:18:09 GMT
                                      Content-Type: text/plain; charset=utf-8
                                      Content-Length: 19742
                                      Connection: close
                                      Access-Control-Expose-Headers: Content-Disposition
                                      Cache-Control: private, max-age=300
                                      Content-Disposition: inline; filename="README.md"; filename*=UTF-8''README.md
                                      Etag: "243aa49e5edb40b99ad1e119e19b2c51dce85a64"
                                      Last-Modified: Wed, 05 Jun 2024 09:59:06 GMT
                                      Server: Caddy
                                      Set-Cookie: i_like_gitea=d6812cb61d0da86e; Path=/; HttpOnly; Secure; SameSite=Lax
                                      Set-Cookie: _csrf=y6GTQ11WW8TrsG5-NG0f_wKzNAQ6MTcyMTkxMzQ4OTAyMjYwOTc0NA; Path=/; Max-Age=86400; HttpOnly; Secure; SameSite=Lax
                                      X-Content-Type-Options: nosniff
                                      X-Frame-Options: SAMEORIGIN
                                      2024-07-25 13:18:09 UTC  3423  IN  Data Ascii: ### * https://war3tools.gitlab.io* Gitlab https://gitlab.com/war3tools/war3tools.gitlab.io### * ![](https://gitlab.com/war3tools/war3tools.gitlab.io/-/raw/main/public/images/SuWar3Tools.png "")*
                                      2024-07-25 13:18:09 UTC  16319  IN  Data Ascii: files/)* .net4.6.1 https://dotnet.microsoft.com/download/thank-you/net461-offline* Bug war3tools@outlook.com


                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                      10          192.168.2.5  49767        35.185.44.232   443
                                      Timestamp  Bytes transferred  Direction  Data
                                      2024-07-25 13:18:12 UTC  730  OUT  GET /ad/header.html HTTP/1.1
                                      Host: war3tools.suyx.net
                                      Connection: keep-alive
                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                      sec-ch-ua-mobile: ?0
                                      sec-ch-ua-platform: "Windows"
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                      Sec-Fetch-Site: none
                                      Sec-Fetch-Mode: navigate
                                      Sec-Fetch-User: ?1
                                      Sec-Fetch-Dest: document
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                      2024-07-25 13:18:12 UTC  379  IN  HTTP/1.1 200 OK
                                      Cache-Control: max-age=600
                                      Content-Length: 1888
                                      Content-Type: text/html; charset=utf-8
                                      Etag: "bb2d341eb32d28c343cbcfdbb3d182283e3ee6df5777e8b68e5712522774e521"
                                      Expires: Thu, 25 Jul 2024 13:28:12 UTC
                                      Last-Modified: Wed, 05 Jun 2024 09:43:42 GMT
                                      Permissions-Policy: interest-cohort=()
                                      Vary: Origin
                                      Date: Thu, 25 Jul 2024 13:18:12 GMT
                                      Connection: close
                                      2024-07-25 13:18:12 UTC  807  IN  Data Ascii: <!DOCTYPE html><head> <title>3SuWar3Tools</title> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="description" content="3SuWar3Tools"> <meta name="keywords
                                      2024-07-25 13:18:12 UTC  1081  IN  Data Ascii: 61\0072\0033\0054\006f\006f\006c\0073\ahttps://war3tools.gitlab.io'; white-space: pre; display: flex; justify-content: center; align-items: center; height: 100%; color: #34495e; font-size: 1.6rem; text-decor


                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                      11          192.168.2.5  49777        35.185.44.232   443
                                      Timestamp  Bytes transferred  Direction  Data
                                      2024-07-25 13:18:17 UTC  889  OUT  GET /ad/header.html HTTP/1.1
                                      Host: war3tools.suyx.net
                                      Connection: keep-alive
                                      Cache-Control: max-age=0
                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                      sec-ch-ua-mobile: ?0
                                      sec-ch-ua-platform: "Windows"
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                      Sec-Fetch-Site: none
                                      Sec-Fetch-Mode: navigate
                                      Sec-Fetch-User: ?1
                                      Sec-Fetch-Dest: document
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                      If-None-Match: "bb2d341eb32d28c343cbcfdbb3d182283e3ee6df5777e8b68e5712522774e521"
                                      If-Modified-Since: Wed, 05 Jun 2024 09:43:42 GMT
                                      2024-07-25 13:18:17 UTC  281  IN  HTTP/1.1 304 Not Modified
                                      Cache-Control: max-age=600
                                      Etag: "bb2d341eb32d28c343cbcfdbb3d182283e3ee6df5777e8b68e5712522774e521"
                                      Expires: Thu, 25 Jul 2024 13:28:17 UTC
                                      Permissions-Policy: interest-cohort=()
                                      Vary: Origin
                                      Date: Thu, 25 Jul 2024 13:18:17 GMT
                                      Connection: close


                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                      12          192.168.2.5  49788        35.185.44.232   443
                                      Timestamp  Bytes transferred  Direction  Data
                                      2024-07-25 13:18:22 UTC  889  OUT  GET /ad/header.html HTTP/1.1
                                      Host: war3tools.suyx.net
                                      Connection: keep-alive
                                      Cache-Control: max-age=0
                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                      sec-ch-ua-mobile: ?0
                                      sec-ch-ua-platform: "Windows"
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                      Sec-Fetch-Site: none
                                      Sec-Fetch-Mode: navigate
                                      Sec-Fetch-User: ?1
                                      Sec-Fetch-Dest: document
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                      If-None-Match: "bb2d341eb32d28c343cbcfdbb3d182283e3ee6df5777e8b68e5712522774e521"
                                      If-Modified-Since: Wed, 05 Jun 2024 09:43:42 GMT
                                      2024-07-25 13:18:22 UTC  281  IN  HTTP/1.1 304 Not Modified
                                      Cache-Control: max-age=600
                                      Etag: "bb2d341eb32d28c343cbcfdbb3d182283e3ee6df5777e8b68e5712522774e521"
                                      Expires: Thu, 25 Jul 2024 13:28:22 UTC
                                      Permissions-Policy: interest-cohort=()
                                      Vary: Origin
                                      Date: Thu, 25 Jul 2024 13:18:22 GMT
                                      Connection: close


                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                      13          192.168.2.5  49787        35.185.44.232   443               6472  C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      Timestamp  Bytes transferred  Direction  Data
                                      2024-07-25 13:18:22 UTC  83  OUT  GET /ad/banner.html HTTP/1.1
                                      Host: war3tools.gitlab.io
                                      Connection: Keep-Alive
                                      2024-07-25 13:18:22 UTC  379  IN  HTTP/1.1 200 OK
                                      Cache-Control: max-age=600
                                      Content-Length: 2154
                                      Content-Type: text/html; charset=utf-8
                                      Etag: "bb2d341eb32d28c343cbcfdbb3d182283e3ee6df5777e8b68e5712522774e521"
                                      Expires: Thu, 25 Jul 2024 13:28:22 UTC
                                      Last-Modified: Wed, 05 Jun 2024 09:43:42 GMT
                                      Permissions-Policy: interest-cohort=()
                                      Vary: Origin
                                      Date: Thu, 25 Jul 2024 13:18:22 GMT
                                      Connection: close
                                      2024-07-25 13:18:22 UTC  807  IN  Data Ascii: <!DOCTYPE html><head> <title>3SuWar3Tools</title> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="description" content="3SuWar3Tools"> <meta name="keywords
                                      2024-07-25 13:18:22 UTC  1347  IN  Data Ascii: ing: 0; text-align: center; -webkit-font-smoothing: antialiased; -webkit-tap-highlight-color: rgba(0,0,0,0); -webkit-text-size-adjust: none; box-sizing: border-box; font-weight: bold; font-size: 40px; background-siz


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      14 | 192.168.2.5 | 49792 | 35.185.44.232 | 443
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-07-25 13:18:24 UTC | 889 | OUT | GET /ad/header.html HTTP/1.1
                                      Host: war3tools.suyx.net
                                      Connection: keep-alive
                                      Cache-Control: max-age=0
                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                      sec-ch-ua-mobile: ?0
                                      sec-ch-ua-platform: "Windows"
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                      Sec-Fetch-Site: none
                                      Sec-Fetch-Mode: navigate
                                      Sec-Fetch-User: ?1
                                      Sec-Fetch-Dest: document
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                      If-None-Match: "bb2d341eb32d28c343cbcfdbb3d182283e3ee6df5777e8b68e5712522774e521"
                                      If-Modified-Since: Wed, 05 Jun 2024 09:43:42 GMT
                                      2024-07-25 13:18:24 UTC | 281 | IN | HTTP/1.1 304 Not Modified
                                      Cache-Control: max-age=600
                                      Etag: "bb2d341eb32d28c343cbcfdbb3d182283e3ee6df5777e8b68e5712522774e521"
                                      Expires: Thu, 25 Jul 2024 13:28:24 UTC
                                      Permissions-Policy: interest-cohort=()
                                      Vary: Origin
                                      Date: Thu, 25 Jul 2024 13:18:24 GMT
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      15 | 192.168.2.5 | 49794 | 35.185.44.232 | 443
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-07-25 13:18:27 UTC | 889 | OUT | GET /ad/header.html HTTP/1.1
                                      Host: war3tools.suyx.net
                                      Connection: keep-alive
                                      Cache-Control: max-age=0
                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                      sec-ch-ua-mobile: ?0
                                      sec-ch-ua-platform: "Windows"
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                      Sec-Fetch-Site: none
                                      Sec-Fetch-Mode: navigate
                                      Sec-Fetch-User: ?1
                                      Sec-Fetch-Dest: document
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                      If-None-Match: "bb2d341eb32d28c343cbcfdbb3d182283e3ee6df5777e8b68e5712522774e521"
                                      If-Modified-Since: Wed, 05 Jun 2024 09:43:42 GMT
                                      2024-07-25 13:18:27 UTC | 281 | IN | HTTP/1.1 304 Not Modified
                                      Cache-Control: max-age=600
                                      Etag: "bb2d341eb32d28c343cbcfdbb3d182283e3ee6df5777e8b68e5712522774e521"
                                      Expires: Thu, 25 Jul 2024 13:28:27 UTC
                                      Permissions-Policy: interest-cohort=()
                                      Vary: Origin
                                      Date: Thu, 25 Jul 2024 13:18:27 GMT
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      16 | 192.168.2.5 | 49804 | 148.153.35.66 | 443 | 6472 | C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-07-25 13:18:41 UTC | 86 | OUT | GET /x/web-interface/zone HTTP/1.1
                                      Host: api.bilibili.com
                                      Connection: Keep-Alive
                                      2024-07-25 13:18:41 UTC | 369 | IN | HTTP/1.1 200 OK
                                      Date: Thu, 25 Jul 2024 13:18:41 GMT
                                      Content-Type: application/json; charset=utf-8
                                      Content-Length: 179
                                      Connection: close
                                      Bili-Status-Code: 0
                                      Bili-Trace-Id: 4f67f54a6266a250
                                      Cpu_usage: 191
                                      X-Bili-Trace-Id: 7d795b9d681cd4674f67f54a6266a250
                                      X-Ticket-Status: 1
                                      Access-Control-Expose-Headers: X-Cache-Webcdn
                                      X-Cache-Webcdn: BYPASS from blzone01
                                      2024-07-25 13:18:41 UTC | 179 | IN | Data Ascii: {"code":0,"message":"0","ttl":1,"data":{"addr":"8.46.123.33","country":"","isp":"level3.com","latitude":37.09024,"longitude":-95.712891,"zone_id":29360128,"country_code":1}}


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      17 | 192.168.2.5 | 49796 | 35.185.44.232 | 443 | 6472 | C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-07-25 13:18:41 UTC | 83 | OUT | GET /ad/banner.html HTTP/1.1
                                      Host: war3tools.gitlab.io
                                      Connection: Keep-Alive
                                      2024-07-25 13:18:41 UTC | 379 | IN | HTTP/1.1 200 OK
                                      Cache-Control: max-age=600
                                      Content-Length: 2154
                                      Content-Type: text/html; charset=utf-8
                                      Etag: "bb2d341eb32d28c343cbcfdbb3d182283e3ee6df5777e8b68e5712522774e521"
                                      Expires: Thu, 25 Jul 2024 13:28:41 UTC
                                      Last-Modified: Wed, 05 Jun 2024 09:43:42 GMT
                                      Permissions-Policy: interest-cohort=()
                                      Vary: Origin
                                      Date: Thu, 25 Jul 2024 13:18:41 GMT
                                      Connection: close
                                      2024-07-25 13:18:41 UTC | 807 | IN | Data Ascii: <!DOCTYPE html><head> <title>3SuWar3Tools</title> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="description" content="3SuWar3Tools"> <meta name="keywords
                                      2024-07-25 13:18:41 UTC | 1347 | IN | Data Ascii: ing: 0; text-align: center; -webkit-font-smoothing: antialiased; -webkit-tap-highlight-color: rgba(0,0,0,0); -webkit-text-size-adjust: none; box-sizing: border-box; font-weight: bold; font-size: 40px; background-siz


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      18 | 192.168.2.5 | 49807 | 148.153.35.66 | 443
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-07-25 13:18:48 UTC | 86 | OUT | GET /x/web-interface/zone HTTP/1.1
                                      Host: api.bilibili.com
                                      Connection: Keep-Alive
                                      2024-07-25 13:18:48 UTC | 369 | IN | HTTP/1.1 200 OK
                                      Date: Thu, 25 Jul 2024 13:18:48 GMT
                                      Content-Type: application/json; charset=utf-8
                                      Content-Length: 179
                                      Connection: close
                                      Bili-Status-Code: 0
                                      Bili-Trace-Id: 5613c2782a66a250
                                      Cpu_usage: 251
                                      X-Bili-Trace-Id: 2396916fd55a5f5f5613c2782a66a250
                                      X-Ticket-Status: 1
                                      Access-Control-Expose-Headers: X-Cache-Webcdn
                                      X-Cache-Webcdn: BYPASS from blzone01
                                      2024-07-25 13:18:48 UTC | 179 | IN | Data Ascii: {"code":0,"message":"0","ttl":1,"data":{"addr":"8.46.123.33","country":"","isp":"level3.com","latitude":37.09024,"longitude":-95.712891,"zone_id":29360128,"country_code":1}}


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      19 | 192.168.2.5 | 49808 | 148.153.35.66 | 443
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-07-25 13:18:48 UTC | 86 | OUT | GET /x/web-interface/zone HTTP/1.1
                                      Host: api.bilibili.com
                                      Connection: Keep-Alive
                                      2024-07-25 13:18:49 UTC | 369 | IN | HTTP/1.1 200 OK
                                      Date: Thu, 25 Jul 2024 13:18:48 GMT
                                      Content-Type: application/json; charset=utf-8
                                      Content-Length: 179
                                      Connection: close
                                      Bili-Status-Code: 0
                                      Bili-Trace-Id: 119bc082e566a250
                                      Cpu_usage: 233
                                      X-Bili-Trace-Id: 12aaca535b7c8d7e119bc082e566a250
                                      X-Ticket-Status: 1
                                      Access-Control-Expose-Headers: X-Cache-Webcdn
                                      X-Cache-Webcdn: BYPASS from blzone01
                                      2024-07-25 13:18:49 UTC | 179 | IN | Data Ascii: {"code":0,"message":"0","ttl":1,"data":{"addr":"8.46.123.33","country":"","isp":"level3.com","latitude":37.09024,"longitude":-95.712891,"zone_id":29360128,"country_code":1}}


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      20 | 192.168.2.5 | 49811 | 148.153.35.66 | 443
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-07-25 13:18:50 UTC | 86 | OUT | GET /x/web-interface/zone HTTP/1.1
                                      Host: api.bilibili.com
                                      Connection: Keep-Alive
                                      2024-07-25 13:18:51 UTC | 369 | IN | HTTP/1.1 200 OK
                                      Date: Thu, 25 Jul 2024 13:18:50 GMT
                                      Content-Type: application/json; charset=utf-8
                                      Content-Length: 179
                                      Connection: close
                                      Bili-Status-Code: 0
                                      Bili-Trace-Id: 64e9a6f76066a250
                                      Cpu_usage: 259
                                      X-Bili-Trace-Id: 4c513a72c3af8c0864e9a6f76066a250
                                      X-Ticket-Status: 1
                                      Access-Control-Expose-Headers: X-Cache-Webcdn
                                      X-Cache-Webcdn: BYPASS from blzone01
                                      2024-07-25 13:18:51 UTC | 179 | IN | Data Ascii: {"code":0,"message":"0","ttl":1,"data":{"addr":"8.46.123.33","country":"","isp":"level3.com","latitude":37.09024,"longitude":-95.712891,"zone_id":29360128,"country_code":1}}


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      21 | 192.168.2.5 | 49826 | 35.185.44.232 | 443
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-07-25 13:18:54 UTC | 938 | OUT | GET /favicon.ico HTTP/1.1
                                      Host: war3tools.suyx.net
                                      Connection: keep-alive
                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                      sec-ch-ua-mobile: ?0
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                      sec-ch-ua-platform: "Windows"
                                      Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                      Sec-Fetch-Site: same-origin
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: image
                                      Referer: https://war3tools.suyx.net/ad/header.html
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                      Cookie: __gads=ID=3db76bb96bc61d49:T=1721913518:RT=1721913518:S=ALNI_MZbG8Djp3HAW8YyEyDeBQyV0rWmGw; __gpi=UID=00000eb054b56a23:T=1721913518:RT=1721913518:S=ALNI_MZJu1M0eTihEZq4YzRBr59EBWirJA; __eoi=ID=32cb7227ae4b3b68:T=1721913519:RT=1721913519:S=AA-Afjb7JbXLXpChPgWfUKZXbNdF
                                      2024-07-25 13:18:54 UTC | 368 | IN | HTTP/1.1 200 OK
                                      Cache-Control: max-age=600
                                      Content-Length: 16958
                                      Content-Type: image/x-icon
                                      Etag: "bb2d341eb32d28c343cbcfdbb3d182283e3ee6df5777e8b68e5712522774e521"
                                      Expires: Thu, 25 Jul 2024 13:28:54 UTC
                                      Last-Modified: Wed, 05 Jun 2024 09:43:42 GMT
                                      Permissions-Policy: interest-cohort=()
                                      Vary: Origin
                                      Date: Thu, 25 Jul 2024 13:18:54 GMT
                                      Connection: close



                                      Target ID:0
                                      Start time:09:16:38
                                      Start date:25/07/2024
                                      Path:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\LisectAVT_2403002B_286.exe"
                                      Imagebase:0x400000
                                      File size:4'861'966 bytes
                                      MD5 hash:FEFFD73DDBA802EAE61E964E78EF7E95
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Antivirus matches:
                                      • Detection: 100%, Avira
                                      • Detection: 100%, Joe Sandbox ML
                                      Reputation:low
                                      Has exited:true

                                      Target ID:9
                                      Start time:09:17:30
                                      Start date:25/07/2024
                                      Path:C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe" "update" "LisectAVT_2403002B_286.exe"
                                      Imagebase:0x400000
                                      File size:5'283'840 bytes
                                      MD5 hash:BF04325C66CFA445F487A5F799990189
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: INDICATOR_EXE_Packed_DNGuard, Description: Detects executables packed with DNGuard, Source: 00000009.00000002.2778525625.00000000099C0000.00000004.10000000.00040000.00000000.sdmp, Author: ditekSHen
                                      Antivirus matches:
                                      • Detection: 100%, Avira
                                      • Detection: 100%, Joe Sandbox ML
                                      Reputation:low
                                      Has exited:true

                                      Target ID:10
                                      Start time:09:17:34
                                      Start date:25/07/2024
                                      Path:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\LisectAVT_2403002B_286.exe" "clear" "LisectAVT_2403002B_286_Update.exe"
                                      Imagebase:0x400000
                                      File size:5'283'840 bytes
                                      MD5 hash:BF04325C66CFA445F487A5F799990189
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: INDICATOR_EXE_Packed_DNGuard, Description: Detects executables packed with DNGuard, Source: 0000000A.00000002.2831351105.0000000009990000.00000004.10000000.00040000.00000000.sdmp, Author: ditekSHen
                                      Reputation:low
                                      Has exited:true

                                      Target ID:11
                                      Start time:09:17:41
                                      Start date:25/07/2024
                                      Path:C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\LisectAVT_2403002B_286_Update.exe" "update" "LisectAVT_2403002B_286.exe"
                                      Imagebase:0x400000
                                      File size:5'283'840 bytes
                                      MD5 hash:F72D84B6D1683DEE10A997DEDB825D7D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: INDICATOR_EXE_Packed_DNGuard, Description: Detects executables packed with DNGuard, Source: 0000000B.00000002.2887278083.00000000099B0000.00000004.10000000.00040000.00000000.sdmp, Author: ditekSHen
                                      Reputation:low
                                      Has exited:true

                                      Target ID:13
                                      Start time:09:17:46
                                      Start date:25/07/2024
                                      Path:C:\Users\user\Desktop\LisectAVT_2403002B_286.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\LisectAVT_2403002B_286.exe" "clear" "LisectAVT_2403002B_286_Update.exe"
                                      Imagebase:0x400000
                                      File size:5'283'840 bytes
                                      MD5 hash:F72D84B6D1683DEE10A997DEDB825D7D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:false

                                      Target ID:22
                                      Start time:09:18:11
                                      Start date:25/07/2024
                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\srv33q4h\srv33q4h.cmdline"
                                      Imagebase:0x710000
                                      File size:2'141'552 bytes
                                      MD5 hash:EB80BB1CA9B9C7F516FF69AFCFD75B7D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate
                                      Has exited:true

                                      Target ID:23
                                      Start time:09:18:11
                                      Start date:25/07/2024
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff6d64d0000
                                      File size:862'208 bytes
                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:24
                                      Start time:09:18:13
                                      Start date:25/07/2024
                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                      Wow64 process (32bit):true
                                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3017.tmp" "c:\Users\user\AppData\Local\Temp\srv33q4h\CSCE64E61EBE53F4480B5C383A5A36CF7D1.TMP"
                                      Imagebase:0x6e0000
                                      File size:46'832 bytes
                                      MD5 hash:70D838A7DC5B359C3F938A71FAD77DB0
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate
                                      Has exited:true

                                      Target ID:25
                                      Start time:09:18:25
                                      Start date:25/07/2024
                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\zkeqnbkw\zkeqnbkw.cmdline"
                                      Imagebase:0x710000
                                      File size:2'141'552 bytes
                                      MD5 hash:EB80BB1CA9B9C7F516FF69AFCFD75B7D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate
                                      Has exited:true

                                      Target ID:26
                                      Start time:09:18:25
                                      Start date:25/07/2024
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff6d64d0000
                                      File size:862'208 bytes
                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:27
                                      Start time:09:18:26
                                      Start date:25/07/2024
                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                      Wow64 process (32bit):true
                                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6262.tmp" "c:\Users\user\AppData\Local\Temp\zkeqnbkw\CSC5F800B2BAE9D475489BCBC699BC2FE5.TMP"
                                      Imagebase:0x6e0000
                                      File size:46'832 bytes
                                      MD5 hash:70D838A7DC5B359C3F938A71FAD77DB0
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate
                                      Has exited:true

                                      Target ID:28
                                      Start time:09:18:28
                                      Start date:25/07/2024
                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1kjwnqt4\1kjwnqt4.cmdline"
                                      Imagebase:0x710000
                                      File size:2'141'552 bytes
                                      MD5 hash:EB80BB1CA9B9C7F516FF69AFCFD75B7D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate
                                      Has exited:true

                                      Target ID:29
                                      Start time:09:18:28
                                      Start date:25/07/2024
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff6d64d0000
                                      File size:862'208 bytes
                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:30
                                      Start time:09:18:28
                                      Start date:25/07/2024
                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                      Wow64 process (32bit):true
                                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6D8E.tmp" "c:\Users\user\AppData\Local\Temp\1kjwnqt4\CSCF68404DF18AE46178AD88EB7B711C3F0.TMP"
                                      Imagebase:0x6e0000
                                      File size:46'832 bytes
                                      MD5 hash:70D838A7DC5B359C3F938A71FAD77DB0
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate
                                      Has exited:true


                                        Execution Graph

                                        Execution Coverage:7.4%
                                        Dynamic/Decrypted Code Coverage:98.5%
                                        Signature Coverage:33.3%
                                        Total number of Nodes:408
                                        Total number of Limit Nodes:42
                                        APIs
                                          • Part of subcall function 04E40B00: SetErrorMode.KERNEL32(?,?,04E0E673,00000001,?), ref: 04E40B08
                                        • NtQueryInformationProcess.NTDLL(?,?,04EAD6DC,00000001,?,?,00000001), ref: 04E0B369
                                        • WNetGetConnectionW.MPR(?,00000001,?,?,00000001,?,?,?,04EAD6DC,00000001,?,?,00000001), ref: 04E0B3FA
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: ConnectionErrorInformationModeProcessQuery
                                        • String ID:
                                        • API String ID: 3711381085-0
                                        • Opcode ID: fa72fde27ff48b83146a4bf3c55031bd333c03511d0e37b625c654cf2e80a44b
                                        • Instruction ID: c2eddbe6b4623f79002e107951a64a0507de14bb55386b6638bd96e4bbc6dafe
                                        • Opcode Fuzzy Hash: fa72fde27ff48b83146a4bf3c55031bd333c03511d0e37b625c654cf2e80a44b
                                        • Instruction Fuzzy Hash: 98A26D316043409FE724EB64D890AEFB7A5FFD4308F00992DE69A572D1EB34B945CB92

                                        Control-flow Graph

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: File$Open$DirectoryQuery
                                        • String ID:
                                        • API String ID: 1030887729-0
                                        • Opcode ID: a0d4ee3dc64f036420b9cc9d19434f399815d81474f621f7bb3167793f97f86c
                                        • Instruction ID: d782f1a5921aa471c18fe71dfb87a74da79bf0b45ad2c347212a1479d488a59a
                                        • Opcode Fuzzy Hash: a0d4ee3dc64f036420b9cc9d19434f399815d81474f621f7bb3167793f97f86c
                                        • Instruction Fuzzy Hash: 3161B375704201ABE714EBA4D890F7F73A8AFC8718F00552CBA56AB2C1DA74FD54CB91

                                        Control-flow Graph

                                        APIs
                                        • NtDeviceIoControlFile.NTDLL ref: 04E7E6B9
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: ControlDeviceFile
                                        • String ID: 4
                                        • API String ID: 3512290074-4088798008
                                        • Opcode ID: 567134a892887c61b55ed2c05a8389f99aa1af9daebabc8ebcfacd2dcd889f4a
                                        • Instruction ID: 2eb099919436ce7eec50f14ef8785df9764516c375b4d7ff655190e7f7d8324e
                                        • Opcode Fuzzy Hash: 567134a892887c61b55ed2c05a8389f99aa1af9daebabc8ebcfacd2dcd889f4a
                                        • Instruction Fuzzy Hash: 72E16E70604301ABEB18FF74DC94D7F77A5AFC4208F40A96CE5469B1A0EE74F9498B92

                                        Control-flow Graph

                                        control_flow_graph 1292 4e77b00-4e77b30 1295 4e77b32-4e77b49 NtSetSecurityObject 1292->1295 1296 4e77b5f-4e77b7f NtSetSecurityObject 1292->1296 1297 4e77b4d-4e77b5e 1295->1297 1300 4e77b82-4e77b94 1296->1300
                                        APIs
                                        • NtSetSecurityObject.NTDLL(?,?,?), ref: 04E77B3C
                                        • NtSetSecurityObject.NTDLL ref: 04E77B76
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: ObjectSecurity
                                        • String ID:
                                        • API String ID: 2240786066-0
                                        • Opcode ID: 39c6003f9a6f4962c4ce7683b9fd1a89417992840de0811d90ebe701745c0802
                                        • Instruction ID: 211204aff871dac6359658755e43c50c1fdfd457015d3acdf3efcdc9dee69889
                                        • Opcode Fuzzy Hash: 39c6003f9a6f4962c4ce7683b9fd1a89417992840de0811d90ebe701745c0802
                                        • Instruction Fuzzy Hash: 8D11FAB6721205AFC600FBAEED84C6B77EEFBE82527044929F515C3254C639EC058B61

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ebe2656fa84c8ef087835a70ba7e5797f216e4a1191def5ea5e87bb122a84e52
                                        • Instruction ID: 204ee05ae49685f2adb12ca2b3ebc1e44187fee9fa9aed2dcc615107252ffcea
                                        • Opcode Fuzzy Hash: ebe2656fa84c8ef087835a70ba7e5797f216e4a1191def5ea5e87bb122a84e52
                                        • Instruction Fuzzy Hash: 3E724AB1A083449FD730EF69D880A9BB7E9EFC9704F04991DE59D87251EB31B904CB92

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        APIs
                                        • NtQueryInformationProcess.NTDLL ref: 04E7D332
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: InformationProcessQuery
                                        • String ID:
                                        • API String ID: 1778838933-0
                                        • Opcode ID: 285508c39ebb46caeddec3787866bd04960fb80a901adca7fdef24bdbdad257b
                                        • Instruction ID: 835b03c3c5c349fe52e506d11e257bc6a5e945e8a2481b553abe9a83fcbe0537
                                        • Opcode Fuzzy Hash: 285508c39ebb46caeddec3787866bd04960fb80a901adca7fdef24bdbdad257b
                                        • Instruction Fuzzy Hash: 65B13CB16083409BD324EF54D880DAFB3E9AFC8718F04591DF68A97251EB34F945CBA2

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: FileOpen
                                        • String ID:
                                        • API String ID: 2669468079-0
                                        • Opcode ID: 209a75070c8abaa29a19507b8bed34bea548c91771ece3bec8e7cafb82eac9e3
                                        • Instruction ID: 414e5c0102327053d6e9916f932aeb6fe879c8e2e8e59244ec7e5343517ce651
                                        • Opcode Fuzzy Hash: 209a75070c8abaa29a19507b8bed34bea548c91771ece3bec8e7cafb82eac9e3
                                        • Instruction Fuzzy Hash: 4C614D71A043019BDB54EF64D880F6FB7E9AF88608F44992DB589D7291EA30FD44CB92

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: Load
                                        • String ID:
                                        • API String ID: 2234796835-0
                                        • Opcode ID: 8f6d356e874c46af098d62c5be9da73fffad16c525fd842f600bcdf6f8a2aa77
                                        • Instruction ID: b6f2f76ffae7470de28aec895a74697ede7e5c1155a381190e9809a08fafd0a7
                                        • Opcode Fuzzy Hash: 8f6d356e874c46af098d62c5be9da73fffad16c525fd842f600bcdf6f8a2aa77
                                        • Instruction Fuzzy Hash: 74517B71645300ABDB04FF65DC90E6BB3E5EFD5248F042A2CF58A97291EA70FD05CA92

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 2498 4e75880-4e758ad GetSystemInfo 2500 4e758b3-4e758dc 2498->2500 2503 4e75a07-4e75a0b 2500->2503 2504 4e758e2-4e75930 2500->2504 2507 4e75932-4e7594a call 4e41840 2504->2507 2510 4e7594c-4e7596b 2507->2510 2512 4e75a05-4e75a06 2510->2512 2513 4e75971-4e75983 2510->2513 2512->2503 2514 4e75985 2513->2514 2515 4e759c2-4e75a04 2513->2515 2516 4e7598b-4e759bc call 4e41840 call 4e41850 2514->2516 2515->2512 2524 4e75987 2516->2524 2525 4e759be 2516->2525 2524->2516 2525->2515
                                        APIs
                                        • GetSystemInfo.KERNEL32(?), ref: 04E758A1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: InfoSystem
                                        • String ID:
                                        • API String ID: 31276548-0
                                        • Opcode ID: f009209177626179d499608bd16841c5b7a412529ccb92b9602370071b919f10
                                        • Instruction ID: 5e242e21c57313b21cdd43952556f9517f8b595ed7f4b21027e92447b9d8476a
                                        • Opcode Fuzzy Hash: f009209177626179d499608bd16841c5b7a412529ccb92b9602370071b919f10
                                        • Instruction Fuzzy Hash: 794183B5514341AFD320EF78DC84E5BB7E9EB88214F008A1DF99AC7645E774F5088BA1
                                        APIs
                                        • NtOpenFile.NTDLL ref: 04E0F61F
                                          • Part of subcall function 04E765A0: NtClose.NTDLL(?,?,?,04E151A1,?,?,?,?), ref: 04E765BF
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: CloseFileOpen
                                        • String ID:
                                        • API String ID: 284361766-0
                                        • Opcode ID: b221757e38ba3921961b68d8ca609c319f3de5cb57e0079589f34cbb12d92d50
                                        • Instruction ID: 65363f7013931e31279948c6e07aab90a919674016e254fad677b460cced3f68
                                        • Opcode Fuzzy Hash: b221757e38ba3921961b68d8ca609c319f3de5cb57e0079589f34cbb12d92d50
                                        • Instruction Fuzzy Hash: 9A0162B1B042106BEA14E7A99C91B5B77D85F88718F004928F699E72C0DA74E9448BD6
                                        APIs
                                        • NtQueryInformationProcess.NTDLL(00000000), ref: 04E8DACD
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: InformationProcessQuery
                                        • String ID:
                                        • API String ID: 1778838933-0
                                        • Opcode ID: 04b91c931546735e99d16fd484355705cea8a5681f123ac332cbf34ee49bf3c1
                                        • Instruction ID: a86b36dede0a8fa79b3d829c4efa8ae317eba64866601d6db8d840af894641f7
                                        • Opcode Fuzzy Hash: 04b91c931546735e99d16fd484355705cea8a5681f123ac332cbf34ee49bf3c1
                                        • Instruction Fuzzy Hash: 00016271244200AFD714EF51D885E5BB3A9FB88365F04852DFD4A87281EA34F849CB91
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: CreateFile
                                        • String ID:
                                        • API String ID: 823142352-0
                                        • Opcode ID: 3ffcd73bf1fd64879620b8d2d1f90cb484e9835dc7a528025e0226e031ae8c1a
                                        • Instruction ID: 341a202906d2b12e599494a55d9b9d8a5e713b7ccf5cbbcb8f96bd526cd5786e
                                        • Opcode Fuzzy Hash: 3ffcd73bf1fd64879620b8d2d1f90cb484e9835dc7a528025e0226e031ae8c1a
                                        • Instruction Fuzzy Hash: DFF0B2B52056009FC240DB9DC880D4BB7F9AFCC658F14871CF55CE3225D634EA518B51
                                        APIs
                                        • NtQueryDirectoryFile.NTDLL ref: 04E5C39A
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: DirectoryFileQuery
                                        • String ID:
                                        • API String ID: 3295332484-0
                                        • Opcode ID: 33acd8c737b7f968286e49d345cf9acbba12169bf9fbbe265e44d4b2c96dc157
                                        • Instruction ID: 954aa847dc60248fbf55083edbb538a4bfa858594ec7f25707fc06217ba890b0
                                        • Opcode Fuzzy Hash: 33acd8c737b7f968286e49d345cf9acbba12169bf9fbbe265e44d4b2c96dc157
                                        • Instruction Fuzzy Hash: 56F0BDB62056019FC240DA9DC880D5BBBF9AFCC658F148B1CF59CE3225D634EA918B62
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: ControlFile
                                        • String ID:
                                        • API String ID: 1795486800-0
                                        • Opcode ID: 55c30c06b3f190f99acbd95a7560fd3344d57267036c6579c0b316f5f9fc98f9
                                        • Instruction ID: 26e291adaa8bec4e6f264fea88f4d7f332542a3febb96630ba7e7cf2eb08cd28
                                        • Opcode Fuzzy Hash: 55c30c06b3f190f99acbd95a7560fd3344d57267036c6579c0b316f5f9fc98f9
                                        • Instruction Fuzzy Hash: 0DF0BAB52056009FC240DB5ACA80D1BB7F9AFCCB18F108A9CB19CE3255D634FE118B62
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: SectionView
                                        • String ID:
                                        • API String ID: 1323581903-0
                                        • Opcode ID: 602876eac3edc4144132c88bb673ec1085f30fb25927f83a779ddf87a7cc5b6f
                                        • Instruction ID: d0354db456c6b22dd0d7fdbb17a5107284b57698c99e60d9bc7db1c7dbd7d5ac
                                        • Opcode Fuzzy Hash: 602876eac3edc4144132c88bb673ec1085f30fb25927f83a779ddf87a7cc5b6f
                                        • Instruction Fuzzy Hash: E1F0BAB52056009FC240DB5ADA80D1BB7F9AFCCB08F108A9CB19CE3255D634FE118B62
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: FileWrite
                                        • String ID:
                                        • API String ID: 3934441357-0
                                        • Opcode ID: e2e49ea8520f8df87c1972cda128803305352f488ad19420f30d2f27f0d2408b
                                        • Instruction ID: bebbc61db7f2f63b4cdce2673d8d9d00b17dff97bdd3fa3755355086de586748
                                        • Opcode Fuzzy Hash: e2e49ea8520f8df87c1972cda128803305352f488ad19420f30d2f27f0d2408b
                                        • Instruction Fuzzy Hash: 5EF0C8B52056409FC344DA99C880D1BB7F9BFCC608F148A5CB1DCE3215D638EA118B62
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: FileRead
                                        • String ID:
                                        • API String ID: 2738559852-0
                                        • Opcode ID: f2e961e3af4b57cd67ee6db25e1fb30f37792d58ba33d2fef47a1167317fbe48
                                        • Instruction ID: 2bbe5b4001c8e8e76328e5d1f374c1a8ee1bdac858a25d7f1fa5feae1b937962
                                        • Opcode Fuzzy Hash: f2e961e3af4b57cd67ee6db25e1fb30f37792d58ba33d2fef47a1167317fbe48
                                        • Instruction Fuzzy Hash: 63F0C8B52056409FC344DA99C880D1BB7F9BFCC608F148A5CB1DDE3215D639EA118B62
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: CreateSection
                                        • String ID:
                                        • API String ID: 2449625523-0
                                        • Opcode ID: 1813e79689ab99f6f76f95de31e2efd0e78ff06c89431de8aaebcb21b7972556
                                        • Instruction ID: 35af5def5fda3cdc6679edf265d177dfae94a337154814f16c6c50f668e5c180
                                        • Opcode Fuzzy Hash: 1813e79689ab99f6f76f95de31e2efd0e78ff06c89431de8aaebcb21b7972556
                                        • Instruction Fuzzy Hash: 3CE002B56056019FC240DF9DCC90D4BB7F9AFDC745F10851CB559C3226D634E846CBA1
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: DuplicateObject
                                        • String ID:
                                        • API String ID: 3677547684-0
                                        • Opcode ID: 7051ef062564f1f4592074f66922cd5ea277b418d8f8db5c10c1fe60eb766633
                                        • Instruction ID: 4fb8e76cc46f10d5fbaa94fe08cc4d27c5416dd32dae3959da7f9266c34a85d0
                                        • Opcode Fuzzy Hash: 7051ef062564f1f4592074f66922cd5ea277b418d8f8db5c10c1fe60eb766633
                                        • Instruction Fuzzy Hash: A3E002B52056019FC240DF9DC880D4BB7F9AFEC744F10851CB559D3226D634E946CBA1
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: FileOpen
                                        • String ID:
                                        • API String ID: 2669468079-0
                                        • Opcode ID: 6b1d7b5c1d63d92112219cd2027aa3be5784a0e36f88557f40a257ece41226aa
                                        • Instruction ID: bca6341c412b7861f4fb96bec076d7e34605f3725bc319320b53d36f08e41e64
                                        • Opcode Fuzzy Hash: 6b1d7b5c1d63d92112219cd2027aa3be5784a0e36f88557f40a257ece41226aa
                                        • Instruction Fuzzy Hash: EEE002B52056029FC240DF59EA80D1BB7F9AFCCA01F108919B199E7229D634ED09DB72
                                        APIs
                                        • NtQueryVolumeInformationFile.NTDLL ref: 04E5C4EC
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: FileInformationQueryVolume
                                        • String ID:
                                        • API String ID: 634242254-0
                                        • Opcode ID: 19ea19077647725223d56b440d8980902c80b99fbb2947db3bf631f8177baa08
                                        • Instruction ID: e191da09043f28dcc5e7eda007e614b55e41ab8a929a17db75c846181f833db2
                                        • Opcode Fuzzy Hash: 19ea19077647725223d56b440d8980902c80b99fbb2947db3bf631f8177baa08
                                        • Instruction Fuzzy Hash: 00E02DB52053429BC240DF99D880D1BB3F9BFCC600F14891CB1A9D3219C734E8058B62
                                        APIs
                                        • NtSetInformationFile.NTDLL ref: 04E5C13C
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: FileInformation
                                        • String ID:
                                        • API String ID: 4253254148-0
                                        • Opcode ID: 307a3653577b71bda81fad602f55da474a56ecf81cb3e1e5b3c172f0ed4b05f6
                                        • Instruction ID: 1b7210857d3a7f641a62235dce6d5b23d7037cbc524f6973386d270af9a4bc40
                                        • Opcode Fuzzy Hash: 307a3653577b71bda81fad602f55da474a56ecf81cb3e1e5b3c172f0ed4b05f6
                                        • Instruction Fuzzy Hash: 63E02DB52053429BC240DF99D880D1BB3E9BFCC604F14891CB1A9D3229C734E8158B62
                                        APIs
                                        • NtClose.NTDLL(?,?,?,04E151A1,?,?,?,?), ref: 04E765BF
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: Close
                                        • String ID:
                                        • API String ID: 3535843008-0
                                        • Opcode ID: 6425ce7476893d03a982bba55e83f2574365ff8751d8f8adb7d12644c4bfbad5
                                        • Instruction ID: f69376ca1dc3c5faf6931bfd8bd1a694f16b5270a93c3c651eb5b94094d55857
                                        • Opcode Fuzzy Hash: 6425ce7476893d03a982bba55e83f2574365ff8751d8f8adb7d12644c4bfbad5
                                        • Instruction Fuzzy Hash: 91D017316041028BCA00CB75D880E5673E5FB68701B0485A0E008C7254C638F846CB01
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: Open
                                        • String ID:
                                        • API String ID: 71445658-0
                                        • Opcode ID: ef100438c178c3f3a85ef328aacebc9509c362afdf99b660359fb09ef11c7f29
                                        • Instruction ID: 21aba2488e48e9c4cfd5f8905abde25ca00955d9fa9762506b9774a0db0b64c1
                                        • Opcode Fuzzy Hash: ef100438c178c3f3a85ef328aacebc9509c362afdf99b660359fb09ef11c7f29
                                        • Instruction Fuzzy Hash: 11D09275205201AFC200EB99C880E0BB7F9EFC8304F10C519B5A8C7229C634E841CB61
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: ObjectSecurity
                                        • String ID:
                                        • API String ID: 2240786066-0
                                        • Opcode ID: c328f95a4b945f8a5b3dc80099c40e6d938c7a71e5b0bdd9451abdc8fbcaaf72
                                        • Instruction ID: 63c5dcf6a6f3bc446fd82d12d77fa092c90bc758422330287a9b659245e2339c
                                        • Opcode Fuzzy Hash: c328f95a4b945f8a5b3dc80099c40e6d938c7a71e5b0bdd9451abdc8fbcaaf72
                                        • Instruction Fuzzy Hash: 77D09275205201AFC200DB99D880E0BB7E9FFD8304F10C518B5A8C3229CA34E841CB51
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: OpenSection
                                        • String ID:
                                        • API String ID: 1950954290-0
                                        • Opcode ID: 622b8e53effc973f96025228f2f4ebd2773fbcdc0bab9f4a754eedbee053c625
                                        • Instruction ID: 154c6fdf059f237a2659234a9a270aad8cd58b2a13091d6e4077133eba1ddf2e
                                        • Opcode Fuzzy Hash: 622b8e53effc973f96025228f2f4ebd2773fbcdc0bab9f4a754eedbee053c625
                                        • Instruction Fuzzy Hash: FED09275205201AFC200DB99C884E0BB7E9EFC8304F10C518B5ACC3229CA34E840CB61
                                        APIs
                                        • NtUnmapViewOfSection.NTDLL ref: 04E5C2AD
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: SectionUnmapView
                                        • String ID:
                                        • API String ID: 498011366-0
                                        • Opcode ID: b71e665c29aa92648ba14ce69dd3bb7c24daa26491a644d8150dfcea87c70916
                                        • Instruction ID: f81da7fb405fabb1325e59494199275df5e99d6dc77eb1c672e39352957fedd5
                                        • Opcode Fuzzy Hash: b71e665c29aa92648ba14ce69dd3bb7c24daa26491a644d8150dfcea87c70916
                                        • Instruction Fuzzy Hash: 5FD0CA74201200AFC200EB29D980E1BB7A9BFC8300B10C628A09893269CA34EC00DB51
                                        APIs
                                        • NtQueryAttributesFile.NTDLL ref: 04E5C3BD
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: AttributesFileQuery
                                        • String ID:
                                        • API String ID: 2106648053-0
                                        • Opcode ID: 7f2c6fb5f539269ef8a4625c7246bcef280848b1e641ce3f070ad457e62b09a2
                                        • Instruction ID: c4707302a07f4e033a961c9ec9986387f44235f2f58af73e8c90fbdfccc2cd7c
                                        • Opcode Fuzzy Hash: 7f2c6fb5f539269ef8a4625c7246bcef280848b1e641ce3f070ad457e62b09a2
                                        • Instruction Fuzzy Hash: 5DD0CA78206200ABC200EB29C980E1BB7A9AFC8300B10C558A09883229CA38EC019A11
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: Close
                                        • String ID:
                                        • API String ID: 3535843008-0
                                        • Opcode ID: d39c9577dc767e0f8e4aa055d20d9b1426c21fd989f9e6ff95ca7252a6528d02
                                        • Instruction ID: f71af8c5a78a5ddaace39d58da221e13fab4263544ab722446f23dc1b6d19c10
                                        • Opcode Fuzzy Hash: d39c9577dc767e0f8e4aa055d20d9b1426c21fd989f9e6ff95ca7252a6528d02
                                        • Instruction Fuzzy Hash: 5CC08C707052008BC200EB68CC84E0A73E5FFEC340F008028A05CC730ACA38FC01CE00

                                        Control-flow Graph

                                        APIs
                                        • CreateMutexW.KERNEL32(00000000,00000000,?), ref: 04E4786C
                                        • CreateMutexW.KERNEL32(00000000,00000000,?), ref: 04E478E4
                                        • CreateMutexW.KERNEL32(00000000,00000000,?), ref: 04E47989
                                        • MapViewOfFile.KERNEL32(?,00000006,00000000,00000000,00210CF0), ref: 04E47AD5
                                        • CreateFileMappingW.KERNELBASE(000000FF,04ED8968,00000004,00000000,00100000,?,00000006,00000000,00000000,00210CF0), ref: 04E47BF5
                                        • MapViewOfFile.KERNEL32(?,00000006,00000000,00000000,00100000), ref: 04E47C3F
                                          • Part of subcall function 04E45FC0: GetFileAttributesW.KERNEL32(?), ref: 04E45FC5
                                        • CreateFileMappingW.KERNELBASE(000000FF,04ED8968,00000004,00000000,00210CF0,?), ref: 04E47A5B
                                          • Part of subcall function 04E765A0: NtClose.NTDLL(?,?,?,04E151A1,?,?,?,?), ref: 04E765BF
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: CreateFile$Mutex$MappingView$AttributesClose
                                        • String ID:
                                        • API String ID: 1244313601-0
                                        • Opcode ID: 3f5c190e509b8a0298f4cdc83e99fa2c7011543d471f332d22ad724cd605f9d2
                                        • Instruction ID: 583ec48f8f65aea1afea48e03f5a7dbfb0c23905c289063759befefcf984fb37
                                        • Opcode Fuzzy Hash: 3f5c190e509b8a0298f4cdc83e99fa2c7011543d471f332d22ad724cd605f9d2
                                        • Instruction Fuzzy Hash: 833274B16043005BE324EB64DC81FABB3A9EFD4708F145A1DF59697280EB74F915CBA2

                                        Control-flow Graph

                                        APIs
                                          • Part of subcall function 0043F81D: TlsGetValue.KERNEL32(?,0043AE02), ref: 0043F824
                                          • Part of subcall function 0043F81D: TlsSetValue.KERNEL32(00000000,0043AE02), ref: 0043F845
                                          • Part of subcall function 0043F802: TlsGetValue.KERNEL32(?,0043AE0D,00000000), ref: 0043F80C
                                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 0043AE24
                                        • ExitThread.KERNEL32 ref: 0043AE2B
                                        • CreateThread.KERNEL32(00000000,?,0043ADFD,00000000,00000004,00000000), ref: 0043AEE3
                                        • ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 0043AEF3
                                        • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 0043AEFE
                                        • __dosmaperr.LIBCMT ref: 0043AF16
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2698519737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.2698453549.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698654394.0000000000452000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698728259.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698785893.000000000046D000.00000008.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698785893.0000000000570000.00000008.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698785893.0000000000576000.00000008.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698785893.0000000000583000.00000008.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2699884196.000000000059F000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2700460692.00000000005A3000.00000020.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2700731848.000000000075D000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2700731848.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_400000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: ThreadValue$ErrorLast$CreateExitResume__dosmaperr
                                        • String ID:
                                        • API String ID: 1421997792-0
                                        • Opcode ID: 95dbf250f0f650d72b0557ce41af9bff93a54a02cca207d85b1c51c4d98ce115
                                        • Instruction ID: d9e92146fc605ecf92f8e0cb711c6202a8853bc182fc8bffc2600e95974633b1
                                        • Opcode Fuzzy Hash: 95dbf250f0f650d72b0557ce41af9bff93a54a02cca207d85b1c51c4d98ce115
                                        • Instruction Fuzzy Hash: 0D3120B1841300ABDB187F729D4A95F7BA4EF4C32DF20563FF554822A2DB78C8048A5E

                                        Control-flow Graph

                                        APIs
                                        • CreateFileMappingW.KERNELBASE(000000FF,04ED8968,00000004,00000000,00000004,?), ref: 04E44999
                                        • MapViewOfFile.KERNEL32(?,00000006,00000000,00000000,00000004), ref: 04E449E1
                                        • CreateFileMappingW.KERNELBASE(000000FF,04ED8968,00000004,00000000,00000018,?), ref: 04E44A2C
                                        • MapViewOfFile.KERNEL32(?,00000006,00000000,00000000,00000018), ref: 04E44A4E
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: File$CreateMappingView
                                        • String ID:
                                        • API String ID: 3452162329-0
                                        • Opcode ID: e1d93ae6cc64343c077d8b2bb3bc557795d2c820ce87db94b6a6216c8c140615
                                        • Instruction ID: 34b5bcdf43c7b10d4aa9fb19084a05b580b044781b34a1141874fbe3ca34f065
                                        • Opcode Fuzzy Hash: e1d93ae6cc64343c077d8b2bb3bc557795d2c820ce87db94b6a6216c8c140615
                                        • Instruction Fuzzy Hash: 9A51D5B16003046BD360EF69EC41F6BB7EDFB84758F040A2DF29592281EA71F4198BA5

                                        Control-flow Graph

                                        APIs
                                          • Part of subcall function 0043F9DB: __amsg_exit.LIBCMT ref: 0043F9E9
                                        • CloseHandle.KERNEL32(?), ref: 0043ADA6
                                        • __freeptd.LIBCMT ref: 0043ADAD
                                        • ExitThread.KERNEL32 ref: 0043ADB5
                                          • Part of subcall function 0043FD90: __FindPESection.LIBCMT ref: 0043FDE9
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2698519737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.2698453549.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698654394.0000000000452000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698728259.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698785893.000000000046D000.00000008.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698785893.0000000000570000.00000008.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698785893.0000000000576000.00000008.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698785893.0000000000583000.00000008.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2699884196.000000000059F000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2700460692.00000000005A3000.00000020.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2700731848.000000000075D000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2700731848.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_400000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: CloseExitFindHandleSectionThread__amsg_exit__freeptd
                                        • String ID:
                                        • API String ID: 1262231458-0
                                        • Opcode ID: b23d0af45d41ee54e17b61858cfc5b22db630a960199009171090f466a26fffd
                                        • Instruction ID: 087f8f893f9146e22835cab90ed0cf15e536a4f6782d65b4837159175cf75cb2
                                        • Opcode Fuzzy Hash: b23d0af45d41ee54e17b61858cfc5b22db630a960199009171090f466a26fffd
                                        • Instruction Fuzzy Hash: BAF0B431941601EBD7156BE49A0DB5E37115F0D727F14112BF141959E2CBACC815865E

                                        Control-flow Graph

                                        APIs
                                        • VirtualProtect.KERNEL32(?,?,00000001,?), ref: 04DD4A6B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: ProtectVirtual
                                        • String ID:
                                        • API String ID: 544645111-3916222277
                                        • Opcode ID: 0d178036a5ef255de51ca21ecc9b7106da5a3c7cd8be8b6f7612a1d285532243
                                        • Instruction ID: 323cb04aa8ffe2663ffd35ffc9676b0a08370961d3e0063007b7f9e133934756
                                        • Opcode Fuzzy Hash: 0d178036a5ef255de51ca21ecc9b7106da5a3c7cd8be8b6f7612a1d285532243
                                        • Instruction Fuzzy Hash: FA4103726043118FE314CF1AC840B6AB7E5FF85308F04862DEA959B395E776F919CB91

                                        Control-flow Graph

                                        APIs
                                        • CreateFileMappingW.KERNELBASE(000000FF,04ED8968,00000004,00000000,?,?), ref: 04E482C2
                                        • MapViewOfFile.KERNEL32(?,00000006,00000000,00000000,?), ref: 04E482E3
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: File$CreateMappingView
                                        • String ID:
                                        • API String ID: 3452162329-0
                                        • Opcode ID: 3da115d0930b72cba64d4b76837a05dcc6ea86a2d30d3b2a9b6f713eba1d0a6c
                                        • Instruction ID: a95e3c08bad05d83c595b36e2ebc566dded420af7277fc25e622817a85ff5e43
                                        • Opcode Fuzzy Hash: 3da115d0930b72cba64d4b76837a05dcc6ea86a2d30d3b2a9b6f713eba1d0a6c
                                        • Instruction Fuzzy Hash: E6E17EB5A043009FD724DF25D884B6BB7E5FBC8318F049A29F95997280E775F805CBA2

                                        Control-flow Graph

                                        APIs
                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,?,?,?,04E610EF,?,?), ref: 04E60F5A
                                        • CreateMutexW.KERNEL32(00000000,00000001,00000000,?,?,?,04E610EF,?,?), ref: 04E60FCC
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Similarity
                                        • API ID: AllocCreateMutexVirtual
                                        APIs
                                        • CreateThread.KERNEL32(00000000,00000000,Function_00045E60,?,00000000,?), ref: 04E15F77
                                          • Part of subcall function 04E765A0: NtClose.NTDLL(?,?,?,04E151A1,?,?,?,?), ref: 04E765BF
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Similarity
                                        • API ID: CloseCreateThread
                                        APIs
                                        • CreateThread.KERNEL32(00000000,00000000,Function_000908D0,?,00000000,?), ref: 04E60A06
                                          • Part of subcall function 04E765A0: NtClose.NTDLL(?,?,?,04E151A1,?,?,?,?), ref: 04E765BF
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Similarity
                                        • API ID: CloseCreateThread
                                        APIs
                                        • CreateThread.KERNEL32(00000000,00000000,Function_000741D0,?,00000000,?), ref: 04E441F7
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Similarity
                                        • API ID: CreateThread
                                        APIs
                                        • HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 04E61457
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Similarity
                                        • API ID: CreateHeap
                                        APIs
                                        • RtlQueueApcWow64Thread.NTDLL(?,Function_00090CF0,00000000,00000000,00000000), ref: 04E60E48
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Similarity
                                        • API ID: QueueThreadWow64
                                        APIs
                                        • RtlQueueApcWow64Thread.NTDLL(?,Function_00090950,00000000,00000000,00000000), ref: 04E60CE1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Similarity
                                        • API ID: QueueThreadWow64
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Similarity
                                        • API ID: Free
                                        APIs
                                        • VirtualProtect.KERNEL32(?,?,?,?,?,04DD49A6,?,?,00000004), ref: 04E7582C
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Similarity
                                        • API ID: ProtectVirtual
                                        APIs
                                        • VirtualProtect.KERNEL32(?,?,?,00000000,?,04DD49B9), ref: 04E75856
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Similarity
                                        • API ID: ProtectVirtual
                                        APIs
                                        • SetErrorMode.KERNEL32(?,?,04E0E673,00000001,?), ref: 04E40B08
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Similarity
                                        • API ID: ErrorMode
                                        APIs
                                        • GetFileAttributesW.KERNEL32(?), ref: 04E45FC5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Similarity
                                        • API ID: AttributesFile
                                        APIs
                                        • SetErrorMode.KERNEL32(?,04E0E753), ref: 04E40B23
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Similarity
                                        • API ID: ErrorMode
                                        APIs
                                        • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 04E61055
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Similarity
                                        • API ID: FreeVirtual
                                        • Instruction ID: 8b8f9030dbc81c94cd0a3e5620e35813a9d5c089c5cae54d49bff31de42f4eb8
                                        • Opcode Fuzzy Hash: d5332b5f0dfc14f82a62e2d163cd36b3d18c031279109a8a70215eb7c1d7d44d
                                        • Instruction Fuzzy Hash: 5AB10A71A04706DFCB04CF54E890AAEB7B5FF59750F24872DE616AF280E7309856CBA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B14000, based on PE: false
                                        • Associated: 00000000.00000003.2601131818.0000000013B14000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3568dc1d6bfc52f91803435fc038954b4d9df8d28b709c410e2996b406a39b39
                                        • Instruction ID: 69afa672edf42b4426bd747fe86c22ff2209a725d29c49a62835025d7d477b32
                                        • Opcode Fuzzy Hash: 3568dc1d6bfc52f91803435fc038954b4d9df8d28b709c410e2996b406a39b39
                                        • Instruction Fuzzy Hash: CA413570A48345DFEF11CFA8EC50B5DB7A4EB45B50F28813AE505EF284E7B058A1CBA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B15000, based on PE: false
                                        • Associated: 00000000.00000003.2601131818.0000000013B14000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3568dc1d6bfc52f91803435fc038954b4d9df8d28b709c410e2996b406a39b39
                                        • Instruction ID: 69afa672edf42b4426bd747fe86c22ff2209a725d29c49a62835025d7d477b32
                                        • Opcode Fuzzy Hash: 3568dc1d6bfc52f91803435fc038954b4d9df8d28b709c410e2996b406a39b39
                                        • Instruction Fuzzy Hash: CA413570A48345DFEF11CFA8EC50B5DB7A4EB45B50F28813AE505EF284E7B058A1CBA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B1B000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3cc98dc3263863927304cd19cedd817243355e2a33a8bbebaf710c765d02e346
                                        • Instruction ID: 69afa672edf42b4426bd747fe86c22ff2209a725d29c49a62835025d7d477b32
                                        • Opcode Fuzzy Hash: 3cc98dc3263863927304cd19cedd817243355e2a33a8bbebaf710c765d02e346
                                        • Instruction Fuzzy Hash: CA413570A48345DFEF11CFA8EC50B5DB7A4EB45B50F28813AE505EF284E7B058A1CBA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B16000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3cc98dc3263863927304cd19cedd817243355e2a33a8bbebaf710c765d02e346
                                        • Instruction ID: 69afa672edf42b4426bd747fe86c22ff2209a725d29c49a62835025d7d477b32
                                        • Opcode Fuzzy Hash: 3cc98dc3263863927304cd19cedd817243355e2a33a8bbebaf710c765d02e346
                                        • Instruction Fuzzy Hash: CA413570A48345DFEF11CFA8EC50B5DB7A4EB45B50F28813AE505EF284E7B058A1CBA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B1C000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3cc98dc3263863927304cd19cedd817243355e2a33a8bbebaf710c765d02e346
                                        • Instruction ID: 69afa672edf42b4426bd747fe86c22ff2209a725d29c49a62835025d7d477b32
                                        • Opcode Fuzzy Hash: 3cc98dc3263863927304cd19cedd817243355e2a33a8bbebaf710c765d02e346
                                        • Instruction Fuzzy Hash: CA413570A48345DFEF11CFA8EC50B5DB7A4EB45B50F28813AE505EF284E7B058A1CBA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B14000, based on PE: false
                                        • Associated: 00000000.00000003.2601131818.0000000013B14000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 98c01bc438f0c1fc59fd400484fb827bb4b82be34fe45df55d090d2b61af5f20
                                        • Instruction ID: 1518794a3a2037ed78babf64e320ab0ad8f2bb9594d06fe10ffae41e23ee65fb
                                        • Opcode Fuzzy Hash: 98c01bc438f0c1fc59fd400484fb827bb4b82be34fe45df55d090d2b61af5f20
                                        • Instruction Fuzzy Hash: 9E415D71A542919ED7148229BC67B6A6F5ADB80368F1C0579F843EF2C1FBD19C90C3B1
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B15000, based on PE: false
                                        • Associated: 00000000.00000003.2601131818.0000000013B14000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 98c01bc438f0c1fc59fd400484fb827bb4b82be34fe45df55d090d2b61af5f20
                                        • Instruction ID: 1518794a3a2037ed78babf64e320ab0ad8f2bb9594d06fe10ffae41e23ee65fb
                                        • Opcode Fuzzy Hash: 98c01bc438f0c1fc59fd400484fb827bb4b82be34fe45df55d090d2b61af5f20
                                        • Instruction Fuzzy Hash: 9E415D71A542919ED7148229BC67B6A6F5ADB80368F1C0579F843EF2C1FBD19C90C3B1
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B17000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 25821f7ff02c290679f06ae08d293e85ddcf2bde3bd99019b9126ee8bc0fca69
                                        • Instruction ID: 1518794a3a2037ed78babf64e320ab0ad8f2bb9594d06fe10ffae41e23ee65fb
                                        • Opcode Fuzzy Hash: 25821f7ff02c290679f06ae08d293e85ddcf2bde3bd99019b9126ee8bc0fca69
                                        • Instruction Fuzzy Hash: 9E415D71A542919ED7148229BC67B6A6F5ADB80368F1C0579F843EF2C1FBD19C90C3B1
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B16000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 25821f7ff02c290679f06ae08d293e85ddcf2bde3bd99019b9126ee8bc0fca69
                                        • Instruction ID: 1518794a3a2037ed78babf64e320ab0ad8f2bb9594d06fe10ffae41e23ee65fb
                                        • Opcode Fuzzy Hash: 25821f7ff02c290679f06ae08d293e85ddcf2bde3bd99019b9126ee8bc0fca69
                                        • Instruction Fuzzy Hash: 9E415D71A542919ED7148229BC67B6A6F5ADB80368F1C0579F843EF2C1FBD19C90C3B1
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601479467.0000000013B25000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B25000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b998e626f1133c465e5fdba98cecafb05674e0db8a66d9d84ab286982a0a3a1f
                                        • Instruction ID: 33718dea73f100e2a4cd64c0bcffcc4596fab805f0446dbdbb5e47925a456cc4
                                        • Opcode Fuzzy Hash: b998e626f1133c465e5fdba98cecafb05674e0db8a66d9d84ab286982a0a3a1f
                                        • Instruction Fuzzy Hash: 7A31D670608201EFD710CF58DC84EAAF7E4EF84760F95855AF9899B291DB70B841CB91
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B14000, based on PE: false
                                        • Associated: 00000000.00000003.2601131818.0000000013B14000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e57c2ccb74947bebc886e5dc0d5b9db5fac8d606ed3479ddbad71288d269a18b
                                        • Instruction ID: fd7db1d52ce405cb5f962bf6ab00c364f5b735a0017ae098ef9f0c9b07995bd8
                                        • Opcode Fuzzy Hash: e57c2ccb74947bebc886e5dc0d5b9db5fac8d606ed3479ddbad71288d269a18b
                                        • Instruction Fuzzy Hash: 6F210371F883159BDB108E98DC4079DF7E5EF85750F18813AE949AB358D7B09C21CB81
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B15000, based on PE: false
                                        • Associated: 00000000.00000003.2601131818.0000000013B14000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e57c2ccb74947bebc886e5dc0d5b9db5fac8d606ed3479ddbad71288d269a18b
                                        • Instruction ID: fd7db1d52ce405cb5f962bf6ab00c364f5b735a0017ae098ef9f0c9b07995bd8
                                        • Opcode Fuzzy Hash: e57c2ccb74947bebc886e5dc0d5b9db5fac8d606ed3479ddbad71288d269a18b
                                        • Instruction Fuzzy Hash: 6F210371F883159BDB108E98DC4079DF7E5EF85750F18813AE949AB358D7B09C21CB81
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B1B000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e57c2ccb74947bebc886e5dc0d5b9db5fac8d606ed3479ddbad71288d269a18b
                                        • Instruction ID: fd7db1d52ce405cb5f962bf6ab00c364f5b735a0017ae098ef9f0c9b07995bd8
                                        • Opcode Fuzzy Hash: e57c2ccb74947bebc886e5dc0d5b9db5fac8d606ed3479ddbad71288d269a18b
                                        • Instruction Fuzzy Hash: 6F210371F883159BDB108E98DC4079DF7E5EF85750F18813AE949AB358D7B09C21CB81
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B16000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e57c2ccb74947bebc886e5dc0d5b9db5fac8d606ed3479ddbad71288d269a18b
                                        • Instruction ID: fd7db1d52ce405cb5f962bf6ab00c364f5b735a0017ae098ef9f0c9b07995bd8
                                        • Opcode Fuzzy Hash: e57c2ccb74947bebc886e5dc0d5b9db5fac8d606ed3479ddbad71288d269a18b
                                        • Instruction Fuzzy Hash: 6F210371F883159BDB108E98DC4079DF7E5EF85750F18813AE949AB358D7B09C21CB81
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B1C000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e57c2ccb74947bebc886e5dc0d5b9db5fac8d606ed3479ddbad71288d269a18b
                                        • Instruction ID: fd7db1d52ce405cb5f962bf6ab00c364f5b735a0017ae098ef9f0c9b07995bd8
                                        • Opcode Fuzzy Hash: e57c2ccb74947bebc886e5dc0d5b9db5fac8d606ed3479ddbad71288d269a18b
                                        • Instruction Fuzzy Hash: 6F210371F883159BDB108E98DC4079DF7E5EF85750F18813AE949AB358D7B09C21CB81
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B14000, based on PE: false
                                        • Associated: 00000000.00000003.2601131818.0000000013B14000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: daa8c49e56ff8cb03e7da7fbd4e034b71cf7c9794e52a1842374f66f4ac7b9f8
                                        • Instruction ID: 192da4099511e48320216c81020c22859a49a178cfe0af2fa39356536b3c913f
                                        • Opcode Fuzzy Hash: daa8c49e56ff8cb03e7da7fbd4e034b71cf7c9794e52a1842374f66f4ac7b9f8
                                        • Instruction Fuzzy Hash: F0F06272B086158FD710CF98D840699F7E4EF84260F19867AEA68DB351D670ED118781
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B15000, based on PE: false
                                        • Associated: 00000000.00000003.2601131818.0000000013B14000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: daa8c49e56ff8cb03e7da7fbd4e034b71cf7c9794e52a1842374f66f4ac7b9f8
                                        • Instruction ID: 192da4099511e48320216c81020c22859a49a178cfe0af2fa39356536b3c913f
                                        • Opcode Fuzzy Hash: daa8c49e56ff8cb03e7da7fbd4e034b71cf7c9794e52a1842374f66f4ac7b9f8
                                        • Instruction Fuzzy Hash: F0F06272B086158FD710CF98D840699F7E4EF84260F19867AEA68DB351D670ED118781
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B1B000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: daa8c49e56ff8cb03e7da7fbd4e034b71cf7c9794e52a1842374f66f4ac7b9f8
                                        • Instruction ID: 192da4099511e48320216c81020c22859a49a178cfe0af2fa39356536b3c913f
                                        • Opcode Fuzzy Hash: daa8c49e56ff8cb03e7da7fbd4e034b71cf7c9794e52a1842374f66f4ac7b9f8
                                        • Instruction Fuzzy Hash: F0F06272B086158FD710CF98D840699F7E4EF84260F19867AEA68DB351D670ED118781
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B16000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: daa8c49e56ff8cb03e7da7fbd4e034b71cf7c9794e52a1842374f66f4ac7b9f8
                                        • Instruction ID: 192da4099511e48320216c81020c22859a49a178cfe0af2fa39356536b3c913f
                                        • Opcode Fuzzy Hash: daa8c49e56ff8cb03e7da7fbd4e034b71cf7c9794e52a1842374f66f4ac7b9f8
                                        • Instruction Fuzzy Hash: F0F06272B086158FD710CF98D840699F7E4EF84260F19867AEA68DB351D670ED118781
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B1C000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: daa8c49e56ff8cb03e7da7fbd4e034b71cf7c9794e52a1842374f66f4ac7b9f8
                                        • Instruction ID: 192da4099511e48320216c81020c22859a49a178cfe0af2fa39356536b3c913f
                                        • Opcode Fuzzy Hash: daa8c49e56ff8cb03e7da7fbd4e034b71cf7c9794e52a1842374f66f4ac7b9f8
                                        • Instruction Fuzzy Hash: F0F06272B086158FD710CF98D840699F7E4EF84260F19867AEA68DB351D670ED118781
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B14000, based on PE: false
                                        • Associated: 00000000.00000003.2601131818.0000000013B14000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: eda2af7dba3f5e78e57934b1d84ee2a00df8ae19c791336db8fa4e3cd5bafed5
                                        • Instruction ID: 7298e297647c5e49930c27f9b12c4d6888ce701aea353b7bd9a96f29543128fd
                                        • Opcode Fuzzy Hash: eda2af7dba3f5e78e57934b1d84ee2a00df8ae19c791336db8fa4e3cd5bafed5
                                        • Instruction Fuzzy Hash: F1F0E962A086454FE700CE6DEC813C5FB94EB45150F28457AE9ADCB312D211D5578741
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B15000, based on PE: false
                                        • Associated: 00000000.00000003.2601131818.0000000013B14000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: eda2af7dba3f5e78e57934b1d84ee2a00df8ae19c791336db8fa4e3cd5bafed5
                                        • Instruction ID: 7298e297647c5e49930c27f9b12c4d6888ce701aea353b7bd9a96f29543128fd
                                        • Opcode Fuzzy Hash: eda2af7dba3f5e78e57934b1d84ee2a00df8ae19c791336db8fa4e3cd5bafed5
                                        • Instruction Fuzzy Hash: F1F0E962A086454FE700CE6DEC813C5FB94EB45150F28457AE9ADCB312D211D5578741
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B1B000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: eda2af7dba3f5e78e57934b1d84ee2a00df8ae19c791336db8fa4e3cd5bafed5
                                        • Instruction ID: 7298e297647c5e49930c27f9b12c4d6888ce701aea353b7bd9a96f29543128fd
                                        • Opcode Fuzzy Hash: eda2af7dba3f5e78e57934b1d84ee2a00df8ae19c791336db8fa4e3cd5bafed5
                                        • Instruction Fuzzy Hash: F1F0E962A086454FE700CE6DEC813C5FB94EB45150F28457AE9ADCB312D211D5578741
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B16000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: eda2af7dba3f5e78e57934b1d84ee2a00df8ae19c791336db8fa4e3cd5bafed5
                                        • Instruction ID: 7298e297647c5e49930c27f9b12c4d6888ce701aea353b7bd9a96f29543128fd
                                        • Opcode Fuzzy Hash: eda2af7dba3f5e78e57934b1d84ee2a00df8ae19c791336db8fa4e3cd5bafed5
                                        • Instruction Fuzzy Hash: F1F0E962A086454FE700CE6DEC813C5FB94EB45150F28457AE9ADCB312D211D5578741
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B1C000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: eda2af7dba3f5e78e57934b1d84ee2a00df8ae19c791336db8fa4e3cd5bafed5
                                        • Instruction ID: 7298e297647c5e49930c27f9b12c4d6888ce701aea353b7bd9a96f29543128fd
                                        • Opcode Fuzzy Hash: eda2af7dba3f5e78e57934b1d84ee2a00df8ae19c791336db8fa4e3cd5bafed5
                                        • Instruction Fuzzy Hash: F1F0E962A086454FE700CE6DEC813C5FB94EB45150F28457AE9ADCB312D211D5578741
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B14000, based on PE: false
                                        • Associated: 00000000.00000003.2601131818.0000000013B14000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 64dd0dd406049511682670b6dac73914a5f165d7b85e93aebecf78a9657845c8
                                        • Instruction ID: 173204636f8e4cdb0f2dfb936e40ba310362ec7350c490e19e50e37c58bd4f79
                                        • Opcode Fuzzy Hash: 64dd0dd406049511682670b6dac73914a5f165d7b85e93aebecf78a9657845c8
                                        • Instruction Fuzzy Hash: 4CE0E5B124D3915EE3119A19AC50B96FFACDB81720F14819AFC848F096D75185648652
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B15000, based on PE: false
                                        • Associated: 00000000.00000003.2601131818.0000000013B14000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 64dd0dd406049511682670b6dac73914a5f165d7b85e93aebecf78a9657845c8
                                        • Instruction ID: 173204636f8e4cdb0f2dfb936e40ba310362ec7350c490e19e50e37c58bd4f79
                                        • Opcode Fuzzy Hash: 64dd0dd406049511682670b6dac73914a5f165d7b85e93aebecf78a9657845c8
                                        • Instruction Fuzzy Hash: 4CE0E5B124D3915EE3119A19AC50B96FFACDB81720F14819AFC848F096D75185648652
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B16000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 17a86b3c7337ec521342de0b62143fb8b2ccdf122f31aa1efc538a8fe54725e1
                                        • Instruction ID: 173204636f8e4cdb0f2dfb936e40ba310362ec7350c490e19e50e37c58bd4f79
                                        • Opcode Fuzzy Hash: 17a86b3c7337ec521342de0b62143fb8b2ccdf122f31aa1efc538a8fe54725e1
                                        • Instruction Fuzzy Hash: 4CE0E5B124D3915EE3119A19AC50B96FFACDB81720F14819AFC848F096D75185648652
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B14000, based on PE: false
                                        • Associated: 00000000.00000003.2601131818.0000000013B14000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d1682234a66f69abf8e54c433252c6529145811e1dafaa8724f003cea2d7a6eb
                                        • Instruction ID: bc7d34d48449a141a332ba9379aed18567a74d381b7e349e5dfcfacb8afdaa1e
                                        • Opcode Fuzzy Hash: d1682234a66f69abf8e54c433252c6529145811e1dafaa8724f003cea2d7a6eb
                                        • Instruction Fuzzy Hash: A3D0A7205A91D058D33291797805B45FF45CB93159F1805BBE5988A1D2A1D204D5C1B2
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B15000, based on PE: false
                                        • Associated: 00000000.00000003.2601131818.0000000013B14000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d1682234a66f69abf8e54c433252c6529145811e1dafaa8724f003cea2d7a6eb
                                        • Instruction ID: bc7d34d48449a141a332ba9379aed18567a74d381b7e349e5dfcfacb8afdaa1e
                                        • Opcode Fuzzy Hash: d1682234a66f69abf8e54c433252c6529145811e1dafaa8724f003cea2d7a6eb
                                        • Instruction Fuzzy Hash: A3D0A7205A91D058D33291797805B45FF45CB93159F1805BBE5988A1D2A1D204D5C1B2
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B17000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d1682234a66f69abf8e54c433252c6529145811e1dafaa8724f003cea2d7a6eb
                                        • Instruction ID: bc7d34d48449a141a332ba9379aed18567a74d381b7e349e5dfcfacb8afdaa1e
                                        • Opcode Fuzzy Hash: d1682234a66f69abf8e54c433252c6529145811e1dafaa8724f003cea2d7a6eb
                                        • Instruction Fuzzy Hash: A3D0A7205A91D058D33291797805B45FF45CB93159F1805BBE5988A1D2A1D204D5C1B2
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B16000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d1682234a66f69abf8e54c433252c6529145811e1dafaa8724f003cea2d7a6eb
                                        • Instruction ID: bc7d34d48449a141a332ba9379aed18567a74d381b7e349e5dfcfacb8afdaa1e
                                        • Opcode Fuzzy Hash: d1682234a66f69abf8e54c433252c6529145811e1dafaa8724f003cea2d7a6eb
                                        • Instruction Fuzzy Hash: A3D0A7205A91D058D33291797805B45FF45CB93159F1805BBE5988A1D2A1D204D5C1B2
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B14000, based on PE: false
                                        • Associated: 00000000.00000003.2601131818.0000000013B14000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9a4f71e4efe7a9fd0db150e7136d15b167bf01632b0aace6f178ea1b95d5fd6f
                                        • Instruction ID: 5c0c5a5f24a4e806b3743fd7962b1056a498c2d70a050ce8dde15285ade46b68
                                        • Opcode Fuzzy Hash: 9a4f71e4efe7a9fd0db150e7136d15b167bf01632b0aace6f178ea1b95d5fd6f
                                        • Instruction Fuzzy Hash: 0FB012B3289104C643209A9DF8914E4F34DEA420BFF1042F7D90844100261B406211F1
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B15000, based on PE: false
                                        • Associated: 00000000.00000003.2601131818.0000000013B14000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9a4f71e4efe7a9fd0db150e7136d15b167bf01632b0aace6f178ea1b95d5fd6f
                                        • Instruction ID: 5c0c5a5f24a4e806b3743fd7962b1056a498c2d70a050ce8dde15285ade46b68
                                        • Opcode Fuzzy Hash: 9a4f71e4efe7a9fd0db150e7136d15b167bf01632b0aace6f178ea1b95d5fd6f
                                        • Instruction Fuzzy Hash: 0FB012B3289104C643209A9DF8914E4F34DEA420BFF1042F7D90844100261B406211F1
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B16000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9a4f71e4efe7a9fd0db150e7136d15b167bf01632b0aace6f178ea1b95d5fd6f
                                        • Instruction ID: 5c0c5a5f24a4e806b3743fd7962b1056a498c2d70a050ce8dde15285ade46b68
                                        • Opcode Fuzzy Hash: 9a4f71e4efe7a9fd0db150e7136d15b167bf01632b0aace6f178ea1b95d5fd6f
                                        • Instruction Fuzzy Hash: 0FB012B3289104C643209A9DF8914E4F34DEA420BFF1042F7D90844100261B406211F1
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2601646833.0000000013B16000.00000010.00000800.00020000.00000000.sdmp, Offset: 13B19000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_13b14000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9a4f71e4efe7a9fd0db150e7136d15b167bf01632b0aace6f178ea1b95d5fd6f
                                        • Instruction ID: 5c0c5a5f24a4e806b3743fd7962b1056a498c2d70a050ce8dde15285ade46b68
                                        • Opcode Fuzzy Hash: 9a4f71e4efe7a9fd0db150e7136d15b167bf01632b0aace6f178ea1b95d5fd6f
                                        • Instruction Fuzzy Hash: 0FB012B3289104C643209A9DF8914E4F34DEA420BFF1042F7D90844100261B406211F1
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644796385.0000000010671000.00000010.00000800.00020000.00000000.sdmp, Offset: 10671000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10671000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: 1089408414d9cda444aeb9154aff167c4d10a460a9e188836207a85fcdc9af50
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644796385.0000000010671000.00000010.00000800.00020000.00000000.sdmp, Offset: 10671000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10671000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: 1089408414d9cda444aeb9154aff167c4d10a460a9e188836207a85fcdc9af50
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644796385.0000000010671000.00000010.00000800.00020000.00000000.sdmp, Offset: 10671000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10671000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: 1089408414d9cda444aeb9154aff167c4d10a460a9e188836207a85fcdc9af50
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644796385.0000000010671000.00000010.00000800.00020000.00000000.sdmp, Offset: 10671000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10671000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: 1089408414d9cda444aeb9154aff167c4d10a460a9e188836207a85fcdc9af50
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644796385.0000000010671000.00000010.00000800.00020000.00000000.sdmp, Offset: 10671000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10671000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: 1089408414d9cda444aeb9154aff167c4d10a460a9e188836207a85fcdc9af50
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644796385.0000000010671000.00000010.00000800.00020000.00000000.sdmp, Offset: 10671000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10671000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: 1089408414d9cda444aeb9154aff167c4d10a460a9e188836207a85fcdc9af50
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644796385.0000000010671000.00000010.00000800.00020000.00000000.sdmp, Offset: 10671000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10671000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: 1089408414d9cda444aeb9154aff167c4d10a460a9e188836207a85fcdc9af50
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644796385.0000000010671000.00000010.00000800.00020000.00000000.sdmp, Offset: 10671000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10671000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: 1089408414d9cda444aeb9154aff167c4d10a460a9e188836207a85fcdc9af50
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644796385.0000000010671000.00000010.00000800.00020000.00000000.sdmp, Offset: 10671000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10671000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: 1089408414d9cda444aeb9154aff167c4d10a460a9e188836207a85fcdc9af50
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644796385.0000000010671000.00000010.00000800.00020000.00000000.sdmp, Offset: 10671000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10671000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: 1089408414d9cda444aeb9154aff167c4d10a460a9e188836207a85fcdc9af50
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644796385.0000000010671000.00000010.00000800.00020000.00000000.sdmp, Offset: 10671000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10671000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: 1089408414d9cda444aeb9154aff167c4d10a460a9e188836207a85fcdc9af50
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644796385.0000000010671000.00000010.00000800.00020000.00000000.sdmp, Offset: 10671000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10671000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: 1089408414d9cda444aeb9154aff167c4d10a460a9e188836207a85fcdc9af50
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644796385.0000000010671000.00000010.00000800.00020000.00000000.sdmp, Offset: 10671000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10671000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: 1089408414d9cda444aeb9154aff167c4d10a460a9e188836207a85fcdc9af50
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644796385.0000000010671000.00000010.00000800.00020000.00000000.sdmp, Offset: 10671000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10671000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: 1089408414d9cda444aeb9154aff167c4d10a460a9e188836207a85fcdc9af50
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644796385.0000000010671000.00000010.00000800.00020000.00000000.sdmp, Offset: 10671000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10671000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: 1089408414d9cda444aeb9154aff167c4d10a460a9e188836207a85fcdc9af50
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644746357.0000000010672000.00000010.00000800.00020000.00000000.sdmp, Offset: 10672000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10672000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8af8e666c985d769abef00b650d2a0ef45d806e04ace0a9bb6a7d9e37592bb45
                                        • Instruction ID: 4a21168ef5fb37716b73ee67cb506fbfa45f95c5b4597758e82428e74b356d87
                                        • Opcode Fuzzy Hash: 8af8e666c985d769abef00b650d2a0ef45d806e04ace0a9bb6a7d9e37592bb45
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644746357.0000000010672000.00000010.00000800.00020000.00000000.sdmp, Offset: 10672000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10672000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8af8e666c985d769abef00b650d2a0ef45d806e04ace0a9bb6a7d9e37592bb45
                                        • Instruction ID: 4a21168ef5fb37716b73ee67cb506fbfa45f95c5b4597758e82428e74b356d87
                                        • Opcode Fuzzy Hash: 8af8e666c985d769abef00b650d2a0ef45d806e04ace0a9bb6a7d9e37592bb45
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644746357.0000000010672000.00000010.00000800.00020000.00000000.sdmp, Offset: 10672000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10672000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8af8e666c985d769abef00b650d2a0ef45d806e04ace0a9bb6a7d9e37592bb45
                                        • Instruction ID: 4a21168ef5fb37716b73ee67cb506fbfa45f95c5b4597758e82428e74b356d87
                                        • Opcode Fuzzy Hash: 8af8e666c985d769abef00b650d2a0ef45d806e04ace0a9bb6a7d9e37592bb45
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644746357.0000000010672000.00000010.00000800.00020000.00000000.sdmp, Offset: 10672000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10672000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8af8e666c985d769abef00b650d2a0ef45d806e04ace0a9bb6a7d9e37592bb45
                                        • Instruction ID: 4a21168ef5fb37716b73ee67cb506fbfa45f95c5b4597758e82428e74b356d87
                                        • Opcode Fuzzy Hash: 8af8e666c985d769abef00b650d2a0ef45d806e04ace0a9bb6a7d9e37592bb45
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644746357.0000000010672000.00000010.00000800.00020000.00000000.sdmp, Offset: 10672000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10672000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8af8e666c985d769abef00b650d2a0ef45d806e04ace0a9bb6a7d9e37592bb45
                                        • Instruction ID: 4a21168ef5fb37716b73ee67cb506fbfa45f95c5b4597758e82428e74b356d87
                                        • Opcode Fuzzy Hash: 8af8e666c985d769abef00b650d2a0ef45d806e04ace0a9bb6a7d9e37592bb45
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2644836029.0000000010670000.00000010.00000800.00020000.00000000.sdmp, Offset: 10670000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10670000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction ID: b7bbf75c6179d0715a9e3d428c2396e58d43f5d48fb71c0b1513bb439b5c2711
                                        • Opcode Fuzzy Hash: 038838da03f92041eb97c124a34e167666dd69173e865bf4b26b04ae9f25f26a
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000003.2602205112.0000000010D20000.00000010.00000800.00020000.00000000.sdmp, Offset: 10D20000, based on PE: false
                                        • Associated: 00000000.00000003.2643930898.0000000010D20000.00000010.00000800.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_3_10d20000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction ID: 3a5d0256de3364f8f61e0a7884d9a3019d6d7d684c8c179e42fb851d5d4b1083
                                        • Opcode Fuzzy Hash: 7968d173d69effb785a1839bb939dee08da36297af09920068207eeeb3fd1474
                                        • Instruction Fuzzy Hash:
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2708493140.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DD0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4dd0000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f0ad50bc8ac6fe3d13b2bd32382ddfbe3398cadc512f0d8de8b98dd1a9646753
                                        • Instruction ID: 1866a1edf4c0cb9fd3c43bffe348dc0ae5145f814b8a368cbc35fcadb1601388
                                        • Opcode Fuzzy Hash: f0ad50bc8ac6fe3d13b2bd32382ddfbe3398cadc512f0d8de8b98dd1a9646753
                                        • Instruction Fuzzy Hash: 76C1DEB19443449BE721EF65D880B2BBBE9FF85708F14582DE48A0B342E7B1F554CB52
                                        APIs
                                        • TlsGetValue.KERNEL32(00000000,0043F83B,?,0043AE02), ref: 0043F798
                                        • TlsGetValue.KERNEL32(00000005,?,0043AE02), ref: 0043F7AF
                                        • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,0043AE02), ref: 0043F7C4
                                        • GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 0043F7DF
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2698519737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.2698453549.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698654394.0000000000452000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698728259.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698785893.000000000046D000.00000008.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698785893.0000000000570000.00000008.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698785893.0000000000576000.00000008.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2698785893.0000000000583000.00000008.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2699884196.000000000059F000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2700460692.00000000005A3000.00000020.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2700731848.000000000075D000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2700731848.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_400000_LisectAVT_2403002B_286.jbxd
                                        Similarity
                                        • API ID: Value$AddressHandleModuleProc
                                        • String ID: DecodePointer$KERNEL32.DLL
                                        • API String ID: 1929421221-629428536
                                        • Opcode ID: 88f913852e08c1575371cd1b3d4c95e2569a501468fffc6810ca2a17cca08315
                                        • Instruction ID: 1011355f33926e0c44f682315990b034e323b83c7b84978fd469daf0dde1a0ad
                                        • Opcode Fuzzy Hash: 88f913852e08c1575371cd1b3d4c95e2569a501468fffc6810ca2a17cca08315
                                        • Instruction Fuzzy Hash: 42F09031A002139B86126B75EE4495F3A98EF0A791F251437FC04D23B1EB68CD868A9E

                                        Execution Graph

                                        Execution Coverage:2.7%
                                        Dynamic/Decrypted Code Coverage:100%
                                        Signature Coverage:3.4%
                                        Total number of Nodes:2000
                                        Total number of Limit Nodes:74
calls 128729->128945 128928 4e85f30 128730->128928 128737 4dde66b 128731->128737 128733 4dde6be 128735 4e306c0 17 API calls 128733->128735 128736 4dde9ca 128735->128736 128736->128682 128801 4e81150 128737->128801 128739 4dde6a3 128927 4dd1db0 43 API calls 128739->128927 128740 4dde70a 128946 4e81c60 23 API calls 128740->128946 128743 4dde78c 128948 4dc1640 TlsGetValue TlsSetValue 128743->128948 128745 4dde795 128747 4e30270 RtlZeroMemory 128745->128747 128746 4dde739 128746->128723 128746->128743 128947 4dc4080 17 API calls 128746->128947 128749 4dde7af 128747->128749 128750 4e81150 102 API calls 128749->128750 128751 4dde7e6 128750->128751 128780->128631 128781->128637 128782->128641 128783->128648 128784->128665 128785->128669 128786->128687 128787->128690 128790->128673 128791->128655 128792->128651 128793->128653 128794->128657 128795->128684 128796->128629 128797->128710 128798->128713 128799->128717 128800->128722 128957 4e30ab0 GetLastError 128801->128957 128803 4e81160 TlsGetValue 128804 4e81174 128803->128804 128806 4e811f8 128803->128806 128811 4e30ae0 2 API calls 128804->128811 128805 4e8122d lstrcmpiA 128809 4e8124a 128805->128809 128810 4e8124f 128805->128810 128806->128805 128958 4e7eec0 19 API calls 128806->128958 128959 4e7da70 21 API calls 128809->128959 128814 4e813de 128810->128814 128815 4e8127f 128810->128815 128813 4e811ec 128811->128813 128813->128739 128820 4e8162e 128814->128820 128902 4e813d4 128814->128902 128816 4dc4c20 21 API calls 128815->128816 128817 4e8128d 128816->128817 128960 4e50510 27 API calls 128817->128960 128819 4e812a5 128822 4e30ae0 2 API calls 128820->128822 128825 4e81637 128822->128825 128823 4dc4c20 21 API calls 128826 4e81455 128823->128826 128825->128739 128982 4e50510 27 API calls 128826->128982 128902->128814 128902->128823 128927->128730 129012 4e30ab0 GetLastError 128928->129012 128930 4e85f3d TlsGetValue 128931 4e85f4d NtClose 128930->128931 128932 4e85f7f 128930->128932 128936 4e30ae0 2 API calls 
128931->128936 128933 4dc8ef0 19 API calls 128932->128933 128935 4e85f9a 128933->128935 128943 4e85fc4 128935->128943 129013 4e13a80 43 API calls 128935->129013 128937 4e85f76 128936->128937 128937->128733 128939 4e30ae0 2 API calls 128942 4e85fe3 128939->128942 128940 4e85fba 128941 4e85f30 46 API calls 128940->128941 128941->128943 128942->128733 128943->128939 128944->128729 128945->128740 128946->128746 128947->128743 128948->128745 128957->128803 128958->128805 128959->128810 128960->128819 129012->128930 129013->128940 129014 4e14a80 129015 4dc8ef0 19 API calls 129014->129015 129016 4e14a97 GetCurrentProcess OpenProcessToken 129015->129016 129018 4e984ae GetTokenInformation 129016->129018 129027 4e9850c 129016->129027 129019 4e984da 129018->129019 129018->129027 129038 4ddfd20 129019->129038 129022 4e9851d RtlCreateSecurityDescriptor SetSecurityDescriptorOwner SetSecurityDescriptorGroup 129024 4e940c0 129022->129024 129023 4e98502 129023->129027 129042 4e94070 17 API calls 129023->129042 129026 4e98553 MakeSelfRelativeSD 129024->129026 129028 4e98577 129026->129028 129029 4e98596 129026->129029 129030 4ddfd20 17 API calls 129028->129030 129032 4e985aa 129029->129032 129043 4e93f30 RtlMoveMemory 129029->129043 129031 4e98585 MakeSelfRelativeSD 129030->129031 129031->129029 129034 4e985cc 129032->129034 129044 4e94070 17 API calls 129032->129044 129045 4e94070 17 API calls 129034->129045 129037 4e985d5 129039 4ddfd30 129038->129039 129041 4ddfd6a GetTokenInformation 129038->129041 129046 4e94070 17 API calls 129039->129046 129041->129022 129041->129023 129042->129027 129043->129032 129044->129034 129045->129037 129046->129041 127138 4e377c0 127139 4e37804 GetCurrentProcessId OpenProcess 127138->127139 127140 4e377de 127138->127140 127300 4e97780 127139->127300 127140->127139 127141 4e377e2 GetCurrentProcessId 127140->127141 127320 4e97b60 127141->127320 127144 4e3782a 127146 4e3783f wsprintfW CreateMutexW 127144->127146 127145 4e377f1 GetCurrentThreadId 
127145->127139 127147 4e378a2 127146->127147 127148 4e3787c 127146->127148 127149 4e97780 8 API calls 127147->127149 127150 4e38080 127148->127150 127321 4e665a0 127148->127321 127151 4e378a8 127149->127151 127154 4e378bd wsprintfW CreateMutexW 127151->127154 127153 4e37893 127155 4e378f7 127154->127155 127156 4e37902 127154->127156 127155->127156 127160 4e665a0 2 API calls 127155->127160 127157 4e37932 127156->127157 127158 4e37916 OpenMutexW 127156->127158 127159 4e97780 8 API calls 127157->127159 127235 4e37938 127157->127235 127161 4dc1530 2 API calls 127158->127161 127162 4e3794d 127159->127162 127160->127156 127161->127157 127164 4e37962 wsprintfW CreateMutexW 127162->127164 127163 4e3806d 127163->127150 127171 4e665a0 2 API calls 127163->127171 127165 4e379a7 127164->127165 127166 4e3799c 127164->127166 127168 4e379d9 127165->127168 127169 4e379bd OpenMutexW 127165->127169 127166->127165 127172 4e665a0 2 API calls 127166->127172 127167 4e665a0 2 API calls 127167->127163 127170 4e97780 8 API calls 127168->127170 127168->127235 127173 4dc1530 2 API calls 127169->127173 127174 4e379f4 127170->127174 127171->127150 127172->127165 127173->127168 127305 4e94ba0 127174->127305 127177 4e94ba0 WaitForSingleObject 127178 4e37a0d 127177->127178 127179 4e37a1f wsprintfW CreateFileMappingW 127178->127179 127308 4dc1530 127179->127308 127181 4e37a65 127182 4e37a6b OpenFileMappingW 127181->127182 127183 4e37abe 127181->127183 127185 4dc1530 2 API calls 127182->127185 127184 4e97780 8 API calls 127183->127184 127187 4e37ac4 MapViewOfFile 127184->127187 127186 4e37a85 127185->127186 127186->127183 127188 4e37a8b 127186->127188 127189 4e37b03 127187->127189 127190 4e37ae2 127187->127190 127325 4e94bc0 ReleaseMutex 127188->127325 127192 4e37bbf GetCurrentProcessId 127189->127192 127333 4e93f10 RtlZeroMemory 127189->127333 127331 4e94bc0 ReleaseMutex 127190->127331 127313 4e36050 127192->127313 127194 4e37a94 127197 4e37aeb 127200 4e37b1d 127235->127163 127235->127167 127366 
4e67b00 TlsGetValue TlsSetValue 127300->127366 127302 4e97792 127303 4e67b00 8 API calls 127302->127303 127304 4e9779f 127303->127304 127304->127144 127370 4e665e0 127305->127370 127307 4e37a01 127307->127177 127309 4dc1539 127308->127309 127310 4dc1562 127308->127310 127311 4e665a0 2 API calls 127309->127311 127312 4dc1544 127309->127312 127310->127181 127311->127312 127312->127181 127320->127145 127322 4e665cb CloseHandle 127321->127322 127323 4e665a9 NtClose 127321->127323 127323->127153 127325->127194 127331->127197 127333->127200 127367 4e67b32 NtSetSecurityObject TlsGetValue TlsSetValue 127366->127367 127368 4e67b5f NtSetSecurityObject TlsGetValue TlsSetValue 127366->127368 127367->127302 127368->127302 127371 4e6663c WaitForSingleObject 127370->127371 127372 4e665ed 127370->127372 127371->127307 127372->127307 127376 4e34940 127377 4e97bb0 127376->127377 127378 4e34965 wsprintfW CreateFileMappingW 127377->127378 127379 4e349c2 127378->127379 127380 4e349a2 OpenFileMappingW 127378->127380 127382 4e97780 8 API calls 127379->127382 127380->127379 127381 4e349b7 127380->127381 127383 4e349cc MapViewOfFile 127382->127383 127384 4e349f6 GetCurrentProcessId 127383->127384 127385 4e349ea 127383->127385 127405 4e31920 127384->127405 127387 4e34a17 CreateFileMappingW 127388 4e34ac9 127387->127388 127389 4e34a39 127387->127389 127390 4e97780 8 API calls 127389->127390 127391 4e34a3f MapViewOfFile 127390->127391 127391->127388 127392 4e34a5b 127391->127392 127393 4e34a62 GetCurrentProcessId 127392->127393 127394 4e31920 2 API calls 127393->127394 127395 4e34a8c CreateEventW 127394->127395 127395->127388 127396 4e34aa6 127395->127396 127397 4e97780 8 API calls 127396->127397 127398 4e34aac CreateEventW 127397->127398 127398->127388 127399 4e34abc CreateEventW 127398->127399 127399->127388 127400 4e34ad8 CreateThread 127399->127400 127403 4e34af4 127400->127403 127414 4e34920 127400->127414 127404 4e34b22 127403->127404 127408 4e31b90 CreateEventW 127403->127408 127409 
4e341e0 CreateThread 127403->127409 127406 4e97bb0 127405->127406 127407 4e31939 wsprintfW wsprintfW 127406->127407 127407->127387 127408->127403 127410 4e3420c 127409->127410 127413 4e33970 43 API calls 127410->127413 127412 4e34225 127412->127403 127413->127412 127417 4e34250 75 API calls 127414->127417 127416 4e3492f 127417->127416 127418 4e4c4c0 127419 4e4c4ec NtQueryVolumeInformationFile 127418->127419 127420 4e4c0c0 127421 4e4c100 NtWriteFile 127420->127421 127422 4e4ca40 127423 4e4ca50 127422->127423 127424 4e4ca6f 127423->127424 127425 4e4ca68 TlsFree 127423->127425 127426 4e4ca83 127424->127426 127428 4e94070 17 API calls 127424->127428 127425->127424 127428->127426 127429 4e4c1c0 127430 4e4c1f6 NtCreateSection 127429->127430 129047 4e4ba80 129048 4e4bab6 NtDuplicateObject 129047->129048 129049 4e4c200 129050 4e4c245 NtMapViewOfSection 129049->129050 129051 4e4c500 129052 4e4c545 NtFsControlFile 129051->129052 127431 4e509c0 CreateEventW 127432 4e509f2 CreateThread 127431->127432 127433 4e509dc 127431->127433 127434 4e50a15 127432->127434 127435 4e50a20 127432->127435 127439 4e508d0 127432->127439 127433->127432 127436 4e665a0 2 API calls 127433->127436 127434->127435 127438 4e665a0 2 API calls 127434->127438 127437 4e509e7 127436->127437 127437->127432 127438->127435 127442 4e50820 WaitForMultipleObjectsEx WaitForMultipleObjectsEx 127439->127442 127441 4e508d9 127442->127441 129053 4e50700 129054 4e50717 129053->129054 129055 4e5071c 129053->129055 129058 4e50750 TlsGetValue 129054->129058 129057 4e5072f GetCurrentThreadId 129055->129057 129059 4e50785 129058->129059 129060 4e50763 129058->129060 129063 4e510d0 129060->129063 129062 4e50772 TlsSetValue 129062->129059 129064 4e510d7 129063->129064 129065 4e510f0 129064->129065 129068 4e50ef0 GetCurrentThreadId VirtualAlloc 129064->129068 129065->129062 129069 4e50f91 129068->129069 129070 4e50fc2 CreateMutexW 129068->129070 129069->129070 129071 4e50fe1 129070->129071 129072 4e50ff0 GetCurrentThreadId 
OpenThread 129070->129072 129071->129072 129073 4e50fe6 CloseHandle 129071->129073 129076 4e51027 129072->129076 129077 4e5101d 129072->129077 129073->129072 129074 4e50fed 129073->129074 129074->129072 129076->129062 129077->129076 129078 4e51022 CloseHandle 129077->129078 129078->129076 127443 4e6e640 127574 4e30ab0 GetLastError 127443->127574 127445 4e6e653 NtDeviceIoControlFile 127447 4e6ebc9 127445->127447 127450 4e6e6c9 127445->127450 127448 4e30ae0 2 API calls 127447->127448 127449 4e6ebd2 127448->127449 127450->127447 127451 4e30620 19 API calls 127450->127451 127452 4e6e6fc 127451->127452 127453 4e6e710 127452->127453 127477 4e6e773 127452->127477 127575 4e50510 27 API calls 127453->127575 127454 4e6e7e7 127458 4e6ebc0 127454->127458 127459 4e6e7ff 127454->127459 127456 4e6e747 127576 4e4f5c0 23 API calls 127456->127576 127462 4e306c0 17 API calls 127458->127462 127582 4e50510 27 API calls 127459->127582 127460 4e6e74e 127577 4e4d430 19 API calls 127460->127577 127462->127447 127463 4e6e755 127578 4e4f610 30 API calls 127463->127578 127466 4e6e836 127583 4e4f5c0 23 API calls 127466->127583 127467 4e6e75c 127579 4e4d430 19 API calls 127467->127579 127470 4e6e83d 127584 4e4d430 19 API calls 127470->127584 127471 4e6e763 127580 4e4d430 19 API calls 127471->127580 127474 4e6e76a 127581 4e4d390 21 API calls 127474->127581 127475 4e6e844 127585 4e4f610 30 API calls 127475->127585 127477->127454 127482 4e6e867 127477->127482 127479 4e6e84b 127586 4e4d430 19 API calls 127479->127586 127481 4e6e852 127587 4e4d430 19 API calls 127481->127587 127484 4e30620 19 API calls 127482->127484 127486 4e6e878 127484->127486 127485 4e6e859 127588 4e4d390 21 API calls 127485->127588 127589 4e308c0 127486->127589 127489 4e6e862 127489->127458 127492 4e6e89c 127493 4e6e8c5 NtOpenFile 127492->127493 127494 4e6e97e 127493->127494 127495 4e6e8e0 127493->127495 127506 4e6ea23 127494->127506 127607 4dc4ec0 20 API calls 127494->127607 127495->127494 127597 4e4f790 31 API calls 
127495->127597 127498 4e6e9bd 127608 4e50510 27 API calls 127498->127608 127499 4e6e918 127598 4e50510 27 API calls 127499->127598 127502 4e6e93d 127599 4e4f5c0 23 API calls 127502->127599 127503 4e6eb2c 127508 4e6eb48 127503->127508 127509 4e6eb38 127503->127509 127504 4e6e9e2 127609 4e4f5c0 23 API calls 127504->127609 127507 4e6eab2 127506->127507 127617 4e50510 27 API calls 127506->127617 127507->127503 127624 4e50510 27 API calls 127507->127624 127522 4e6eb78 127508->127522 127523 4e6eb68 127508->127523 127631 4dc4050 CloseHandle 127509->127631 127511 4e6e944 127600 4e4d430 19 API calls 127511->127600 127513 4e6e9e9 127610 4e4d430 19 API calls 127513->127610 127517 4e6eb46 127528 4e306c0 17 API calls 127517->127528 127519 4e6e94b 127601 4e4f610 30 API calls 127519->127601 127520 4e6ea86 127618 4e4f5c0 23 API calls 127520->127618 127521 4e6eb00 127625 4e4f5c0 23 API calls 127521->127625 127633 4e93f30 RtlMoveMemory 127522->127633 127632 4dc4050 CloseHandle 127523->127632 127524 4e6e9f0 127611 4e4f610 30 API calls 127524->127611 127528->127458 127531 4e6e9f7 127612 4e4d430 19 API calls 127531->127612 127532 4e6e952 127602 4e4d430 19 API calls 127532->127602 127533 4e6ea8d 127619 4e4d430 19 API calls 127533->127619 127534 4e6eb07 127626 4e4d430 19 API calls 127534->127626 127540 4e6e9fe 127613 4e506a0 23 API calls 127540->127613 127541 4e6eb95 127541->127517 127551 4e6eba5 CloseHandle 127541->127551 127542 4e6e959 127603 4e506a0 23 API calls 127542->127603 127543 4e6ea94 127620 4e4f610 30 API calls 127543->127620 127544 4e6eb0e 127627 4e4f610 30 API calls 127544->127627 127549 4e6eb15 127628 4e4d430 19 API calls 127549->127628 127550 4e6ea05 127614 4e4d430 19 API calls 127550->127614 127551->127517 127552 4e6e960 127604 4e4d430 19 API calls 127552->127604 127553 4e6ea9b 127621 4e4d430 19 API calls 127553->127621 127558 4e6eb1c 127629 4e4d430 19 API calls 127558->127629 127561 4e6eaa2 127622 4e4d430 19 API calls 127561->127622 127566 4e6eaa9 127623 4e4d390 21 API 
calls 127566->127623 127567 4e6eb23 127630 4e4d390 21 API calls 127567->127630 127574->127445 127575->127456 127576->127460 127577->127463 127578->127467 127579->127471 127580->127474 127581->127477 127582->127466 127583->127470 127584->127475 127585->127479 127586->127481 127587->127485 127588->127489 127634 4e302e0 RtlInitUnicodeString 127589->127634 127591 4e308d4 127635 4e30700 127591->127635 127594 4e30270 127643 4e93f10 RtlZeroMemory 127594->127643 127596 4e3027b 127596->127492 127597->127499 127598->127502 127599->127511 127600->127519 127601->127532 127602->127542 127603->127552 127607->127498 127608->127504 127609->127513 127610->127524 127611->127531 127612->127540 127613->127550 127617->127520 127618->127533 127619->127543 127620->127553 127621->127561 127622->127566 127623->127507 127624->127521 127625->127534 127626->127544 127627->127549 127628->127558 127629->127567 127630->127503 127631->127517 127632->127517 127633->127541 127634->127591 127636 4e30748 127635->127636 127637 4e30718 127635->127637 127642 4e93f30 RtlMoveMemory 127636->127642 127641 4e304d0 20 API calls 127637->127641 127640 4e3075f 127640->127594 127641->127636 127642->127640 127643->127596 129079 4e65880 129095 4e93f30 RtlMoveMemory 129079->129095 129081 4e65899 GetSystemInfo 129096 4e93f10 RtlZeroMemory 129081->129096 129083 4e658b3 VirtualQuery 129097 4e97e30 VirtualAlloc 129083->129097 129085 4e658d4 129091 4e65a05 129085->129091 129098 4e93f30 RtlMoveMemory 129085->129098 129087 4e65902 129099 4e93f30 RtlMoveMemory 129087->129099 129089 4e6592a 129100 4e97e30 VirtualAlloc 129089->129100 129093 4e659e4 GetCurrentProcess FlushInstructionCache 129093->129091 129094 4e65963 129094->129091 129101 4e93f30 RtlMoveMemory 129094->129101 129095->129081 129096->129083 129097->129085 129098->129087 129099->129089 129100->129094 129101->129093 127644 4e8e6c0 127651 4e53520 22 API calls 127644->127651 127646 4e8e6d3 127652 4e66e10 127646->127652 127649 4e8e712 127651->127646 127666 4e30ab0 
GetLastError 127652->127666 127654 4e66e1d 127667 4dff5c0 127654->127667 127674 4ddb9d0 127654->127674 127888 4e30b00 SetErrorMode 127654->127888 127655 4e66e4e 127889 4e30ac0 GetLastError 127655->127889 127657 4e66e59 127658 4e66e7a 127657->127658 127659 4e66e70 CloseHandle 127657->127659 127660 4e30ae0 2 API calls 127658->127660 127659->127658 127661 4e66e83 127660->127661 127661->127649 127665 4e94070 17 API calls 127661->127665 127665->127649 127666->127654 127668 4e30270 RtlZeroMemory 127667->127668 127669 4dff5e8 127668->127669 127670 4dff61f NtOpenFile 127669->127670 127671 4dff63d 127670->127671 127672 4dff632 127670->127672 127671->127655 127672->127671 127673 4e665a0 2 API calls 127672->127673 127673->127671 127675 4ddb9f3 127674->127675 127676 4ddb9fa 127675->127676 127677 4ddba51 127675->127677 127942 4e50510 27 API calls 127676->127942 127890 4e30ab0 GetLastError 127677->127890 127680 4ddba5a 127682 4e30270 RtlZeroMemory 127680->127682 127681 4ddba22 127943 4e4f5c0 23 API calls 127681->127943 127684 4ddba7d 127682->127684 127687 4ddba88 RtlDosPathNameToNtPathName_U 127684->127687 127685 4ddba29 127944 4e4f5c0 23 API calls 127685->127944 127722 4ddba98 127687->127722 127878 4ddc774 127687->127878 127688 4ddba30 127945 4e4d430 19 API calls 127688->127945 127690 4ddba37 127946 4e4f5c0 23 API calls 127690->127946 127692 4ddc78b 127965 4e50510 27 API calls 127692->127965 127693 4ddba3e 127947 4e4f5c0 23 API calls 127693->127947 127696 4ddc7b0 127966 4e4f5c0 23 API calls 127696->127966 127697 4ddba45 127948 4e4d390 21 API calls 127697->127948 127701 4ddc7f0 127707 4e4aa60 17 API calls 127701->127707 127702 4ddc7b7 127967 4e4f5c0 23 API calls 127702->127967 127704 4ddc7be 127968 4e4d430 19 API calls 127704->127968 127800 4ddc819 127707->127800 127708 4ddc7c5 127969 4e4f5c0 23 API calls 127708->127969 127710 4ddc7cc 127970 4e4f5c0 23 API calls 127710->127970 127711 4ddc835 127717 4e30ae0 2 API calls 127711->127717 127713 4e30ae0 2 API calls 127715 4ddcf51 
127713->127715 127714 4ddc7d3 127971 4e4d390 21 API calls 127714->127971 127715->127655 127719 4ddc846 127717->127719 127719->127655 127720 4ddc852 127721 4e4aa60 17 API calls 127720->127721 127723 4ddc872 127721->127723 127722->127720 127725 4df91e0 RtlInitUnicodeString 127722->127725 127727 4ddc883 127722->127727 127733 4ddc8d8 127722->127733 127741 4def260 88 API calls 127722->127741 127744 4ddcb6e 127722->127744 127745 4e30620 19 API calls 127722->127745 127747 4ddcd02 127722->127747 127750 4e302e0 RtlInitUnicodeString 127722->127750 127752 4dedad0 114 API calls 127722->127752 127769 4dff5c0 4 API calls 127722->127769 127772 4ddc1f5 127722->127772 127774 4ddcdb8 127722->127774 127778 4ddcc08 127722->127778 127779 4ddc42c 127722->127779 127780 4e306c0 17 API calls 127722->127780 127785 4dc4280 17 API calls 127722->127785 127871 4e4aa60 17 API calls 127722->127871 127875 4e30270 RtlZeroMemory 127722->127875 127876 4ddce8b 127722->127876 127877 4ddc761 RtlDosPathNameToNtPathName_U 127722->127877 127891 4e30300 127722->127891 127894 4dcd900 127722->127894 127913 4dff150 127722->127913 127949 4df9220 RtlInitUnicodeString 127722->127949 127953 4df6e30 65 API calls 127722->127953 127963 4df5cd0 73 API calls 127722->127963 127964 4e30260 RtlFreeAnsiString 127722->127964 127724 4e306c0 17 API calls 127723->127724 127726 4ddc7dc 127724->127726 127725->127722 127972 4e30260 RtlFreeAnsiString 127726->127972 127728 4e4aa60 17 API calls 127727->127728 127729 4ddc8c7 127728->127729 127731 4e306c0 17 API calls 127729->127731 127731->127726 127732 4ddca66 127975 4dd1e60 54 API calls 127732->127975 127733->127732 127863 4ddc922 127733->127863 127734 4ddcabd 127735 4e4aa60 17 API calls 127734->127735 127736 4ddcb06 127735->127736 127737 4e306c0 17 API calls 127736->127737 127738 4ddcb12 127737->127738 127976 4e30260 RtlFreeAnsiString 127738->127976 127740 4ddcb1b 127743 4e4aa60 17 API calls 127740->127743 127741->127722 127746 4ddcb40 127743->127746 127748 4ddcb82 127744->127748 
127758 4ddcba7 127744->127758 127745->127722 127753 4e30ae0 2 API calls 127746->127753 127757 4ddcd16 127747->127757 127770 4ddcd47 127747->127770 127977 4e50510 27 API calls 127748->127977 127749 4e4f610 30 API calls 127749->127863 127750->127722 127752->127722 127755 4ddcb61 127753->127755 127754 4ddcb97 127978 4e4f5c0 23 API calls 127754->127978 127755->127655 127989 4e50510 27 API calls 127757->127989 127764 4e4aa60 17 API calls 127758->127764 127759 4ddcb9e 127979 4e4d390 21 API calls 127759->127979 127763 4ddcd30 127990 4e4f5c0 23 API calls 127763->127990 127768 4ddcbda 127764->127768 127765 4e4f6b0 24 API calls 127765->127863 127773 4e306c0 17 API calls 127768->127773 127769->127722 127781 4e4aa60 17 API calls 127770->127781 127771 4ddcd37 127991 4e4f5c0 23 API calls 127771->127991 127950 4e50510 27 API calls 127772->127950 127951 4e4f5c0 23 API calls 127772->127951 127952 4e4d390 21 API calls 127772->127952 127777 4ddcbe6 127773->127777 127794 4ddcdcc 127774->127794 127816 4ddcdfd 127774->127816 127980 4e30260 RtlFreeAnsiString 127777->127980 127790 4ddcc1c 127778->127790 127791 4ddcc74 127778->127791 127789 4ddc440 127779->127789 127813 4ddc471 127779->127813 127780->127722 127784 4ddcd8a 127781->127784 127782 4ddcd3e 127992 4e4d390 21 API calls 127782->127992 127792 4e306c0 17 API calls 127784->127792 127785->127722 127787 4ddcbef 127795 4e4aa60 17 API calls 127787->127795 127954 4e50510 27 API calls 127789->127954 127981 4e50510 27 API calls 127790->127981 127809 4e306c0 17 API calls 127791->127809 127798 4ddcd96 127792->127798 127994 4e50510 27 API calls 127794->127994 127795->127800 127993 4e30260 RtlFreeAnsiString 127798->127993 127800->127711 127887 4ddcf3c 127800->127887 127801 4ddc45a 127955 4e4f5c0 23 API calls 127801->127955 127802 4ddcc48 127982 4e4f5c0 23 API calls 127802->127982 127804 4ddcde6 127995 4e4f5c0 23 API calls 127804->127995 127807 4ddcd9f 127812 4e4aa60 17 API calls 127807->127812 127815 4ddcc8b 127809->127815 127810 4ddc461 127956 
4e4f5c0 23 API calls 127810->127956 127811 4ddcc4f 127983 4e4f5c0 23 API calls 127811->127983 127812->127800 127958 4e4aa60 127813->127958 127814 4ddcded 127996 4e4f5c0 23 API calls 127814->127996 127820 4e306c0 17 API calls 127815->127820 127821 4e4aa60 17 API calls 127816->127821 127826 4ddcc97 127820->127826 127827 4ddce48 127821->127827 127822 4ddc468 127957 4e4d390 21 API calls 127822->127957 127823 4ddcc56 127984 4e4f610 30 API calls 127823->127984 127825 4ddcdf4 127997 4e4d390 21 API calls 127825->127997 127840 4e4aa60 17 API calls 127826->127840 127832 4e306c0 17 API calls 127827->127832 127837 4ddce54 127832->127837 127833 4e4f5c0 23 API calls 127833->127863 127834 4ddcc5d 127985 4e4f5c0 23 API calls 127834->127985 127836 4e306c0 17 API calls 127839 4ddc4c8 127836->127839 127998 4e30260 RtlFreeAnsiString 127837->127998 127962 4e30260 RtlFreeAnsiString 127839->127962 127841 4ddccbf 127840->127841 127845 4e306c0 17 API calls 127841->127845 127843 4ddcc64 127986 4e4f5c0 23 API calls 127843->127986 127849 4ddcccb 127845->127849 127846 4ddce5d 127850 4e4aa60 17 API calls 127846->127850 127848 4ddc4d1 127853 4e4aa60 17 API calls 127848->127853 127988 4e30260 RtlFreeAnsiString 127849->127988 127855 4ddce66 127850->127855 127852 4ddcc6b 127987 4e4d390 21 API calls 127852->127987 127857 4ddc4da 127853->127857 127859 4ddce6e 127855->127859 127855->127887 127861 4ddc4e2 127857->127861 127857->127887 127858 4ddccd4 127862 4e4aa60 17 API calls 127858->127862 127867 4e30ae0 2 API calls 127859->127867 127860 4e306c0 17 API calls 127860->127863 127866 4e30ae0 2 API calls 127861->127866 127864 4ddccdd 127862->127864 127863->127749 127863->127765 127863->127833 127863->127860 127865 4e306c0 17 API calls 127863->127865 127973 4e50510 27 API calls 127863->127973 127974 4e4d390 21 API calls 127863->127974 127870 4ddcce5 127864->127870 127864->127887 127865->127733 127868 4ddc4f3 127866->127868 127869 4ddce7f 127867->127869 127868->127655 127869->127655 127872 4e30ae0 2 API 
calls 127870->127872 127871->127722 127873 4ddccf6 127872->127873 127873->127655 127875->127722 127879 4e4aa60 17 API calls 127876->127879 127877->127722 127877->127878 127878->127692 127878->127726 127880 4ddcefe 127879->127880 127882 4e306c0 17 API calls 127880->127882 127883 4ddcf0a 127882->127883 127999 4e30260 RtlFreeAnsiString 127883->127999 127885 4ddcf13 127886 4e4aa60 17 API calls 127885->127886 127886->127887 127887->127713 127888->127655 127889->127657 127890->127680 128000 4e93f30 RtlMoveMemory 127891->128000 127893 4e30310 127893->127722 127895 4dcd91b 127894->127895 127896 4dcd92c 127894->127896 127897 4dc8ef0 19 API calls 127895->127897 127899 4dcd949 127896->127899 128001 4dc1920 21 API calls 127896->128001 127897->127896 127899->127722 127900 4dcda62 127901 4e306c0 17 API calls 127900->127901 127902 4dcda6e 127901->127902 127902->127722 127903 4dcd975 127903->127900 128002 4dfe890 21 API calls 127903->128002 127905 4dcda02 128003 4df4150 22 API calls 127905->128003 127907 4dcda3c 127908 4e306c0 17 API calls 127907->127908 127909 4dcda4d 127908->127909 127910 4e306c0 17 API calls 127909->127910 127911 4dcda59 127910->127911 127912 4e306c0 17 API calls 127911->127912 127912->127900 127914 4e30270 RtlZeroMemory 127913->127914 127915 4dff181 127914->127915 127916 4dff1b5 NtOpenFile 127915->127916 127919 4dff1c1 127916->127919 127929 4dff260 127916->127929 127917 4dff38e 127918 4dff3a4 127917->127918 127923 4e665a0 2 API calls 127917->127923 127918->127722 127921 4e30620 19 API calls 127919->127921 127919->127929 127924 4dff1ef 127921->127924 127922 4e30300 RtlMoveMemory 127922->127929 127923->127918 127925 4e308c0 21 API calls 127924->127925 127926 4dff1fd 127925->127926 127927 4e30270 RtlZeroMemory 127926->127927 127931 4dff219 127927->127931 127928 4dff2d0 NtQueryDirectoryFile 127928->127929 127929->127917 127929->127922 127929->127928 127930 4dff35b 127929->127930 127933 4dff300 127929->127933 128004 4e94070 17 API calls 127929->128004 

                                        Control-flow Graph

                                        [Control-flow graph, first block 4e90b90-4e90ba9; legend: Executed, Not Executed]
                                        APIs
                                        • GetTickCount.KERNEL32 ref: 04E90BF9
                                        • TlsAlloc.KERNEL32(00000000,?), ref: 04E90C24
                                        • TlsAlloc.KERNEL32 ref: 04E90C2B
                                        • TlsAlloc.KERNEL32 ref: 04E90C32
                                        • TlsAlloc.KERNEL32 ref: 04E90C39
                                        • GetModuleHandleW.KERNEL32(kernel32.dll,IsWow64Process), ref: 04E90C54
                                        • GetProcAddress.KERNEL32(00000000), ref: 04E90C61
                                        • GetCurrentProcess.KERNEL32(04EC8D28), ref: 04E90C71
                                        • IsWow64Process.KERNEL32(00000000), ref: 04E90C78
                                        • LoadLibraryW.KERNEL32(ntdll.dll), ref: 04E90CA7
                                        • GetProcAddress.KERNEL32(00000000,DbgPrint), ref: 04E90CB1
                                        • GetProcAddress.KERNEL32(00000000,RtlMoveMemory), ref: 04E90CBE
                                        • GetProcAddress.KERNEL32(00000000,RtlZeroMemory), ref: 04E90CCB
                                        • GetProcAddress.KERNEL32(00000000,RtlCompareMemory), ref: 04E90CD8
                                        • GetProcAddress.KERNEL32(00000000,RtlInitUnicodeString), ref: 04E90CE5
                                        • GetProcAddress.KERNEL32(00000000,RtlFreeUnicodeString), ref: 04E90CF2
                                        • GetProcAddress.KERNEL32(00000000,NtQueryKey), ref: 04E90CFF
                                        • GetProcAddress.KERNEL32(00000000,NtCreateKey), ref: 04E90D0C
                                        • GetProcAddress.KERNEL32(00000000,NtOpenKey), ref: 04E90D19
                                        • GetProcAddress.KERNEL32(00000000,RtlUpcaseUnicodeChar), ref: 04E90D26
                                        • GetProcAddress.KERNEL32(00000000,RtlCompareUnicodeString), ref: 04E90D33
                                        • GetProcAddress.KERNEL32(00000000,NtQueryInformationProcess), ref: 04E90D40
                                        • GetProcAddress.KERNEL32(00000000,NtOpenDirectoryObject), ref: 04E90D4D
                                        • GetProcAddress.KERNEL32(00000000,NtOpenSymbolicLinkObject), ref: 04E90D5A
                                        • GetProcAddress.KERNEL32(00000000,NtQuerySymbolicLinkObject), ref: 04E90D67
                                        • GetProcAddress.KERNEL32(00000000,NtQueueApcThread), ref: 04E90D74
                                        • GetProcAddress.KERNEL32(00000000,RtlCreateSecurityDescriptor), ref: 04E90D81
                                        • GetProcAddress.KERNEL32(00000000,NtSetIoCompletion), ref: 04E90D8E
                                        • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 04E90D9B
                                        • GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 04E90DA8
                                        • GetProcAddress.KERNEL32(00000000,RtlDosPathNameToNtPathName_U), ref: 04E90DB5
                                        • GetProcAddress.KERNEL32(00000000,NtCreateIoCompletion), ref: 04E90DC2
                                        • GetProcAddress.KERNEL32(00000000,NtCreateWaitablePort), ref: 04E90DCF
                                        • GetProcAddress.KERNEL32(00000000,NtReplyWaitReceivePort), ref: 04E90DDC
                                        • GetProcAddress.KERNEL32(00000000,NtAcceptConnectPort), ref: 04E90DE9
                                        • GetProcAddress.KERNEL32(00000000,NtCompleteConnectPort), ref: 04E90DF6
                                        • GetProcAddress.KERNEL32(00000000,NtReplyPort), ref: 04E90E03
                                        • GetProcAddress.KERNEL32(00000000,NtConnectPort), ref: 04E90E10
                                        • GetProcAddress.KERNEL32(00000000,NtRequestWaitReplyPort), ref: 04E90E1D
                                        • GetProcAddress.KERNEL32(00000000,RtlRandom), ref: 04E90E2A
                                        • GetProcAddress.KERNEL32(00000000,NtQueryAttributesFile), ref: 04E90E37
                                        • GetProcAddress.KERNEL32(00000000,NtQueryInformationFile), ref: 04E90E44
                                        • GetProcAddress.KERNEL32(00000000,NtSetSecurityObject), ref: 04E90E51
                                        • GetProcAddress.KERNEL32(00000000,RtlDowncaseUnicodeChar), ref: 04E90E5E
                                        • GetProcAddress.KERNEL32(00000000,NtCreateIoCompletion), ref: 04E90E6B
                                        • GetProcAddress.KERNEL32(00000000,NtRemoveIoCompletion), ref: 04E90E78
                                        • GetProcAddress.KERNEL32(00000000,NtOpenFile), ref: 04E90E85
                                        • GetProcAddress.KERNEL32(00000000,NtCreateFile), ref: 04E90E92
                                        • GetProcAddress.KERNEL32(00000000,NtWaitForSingleObject), ref: 04E90E9F
                                        • GetProcAddress.KERNEL32(00000000,NtCreateSection), ref: 04E90EAC
                                        • GetProcAddress.KERNEL32(00000000,NtClose), ref: 04E90EB9
                                        • GetProcAddress.KERNEL32(00000000,memset), ref: 04E90EC6
                                        • LoadLibraryW.KERNEL32(kernel32.dll), ref: 04E90ED2
                                        • GetProcAddress.KERNEL32(00000000,CreateActCtxW), ref: 04E90EDC
                                        • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 04E90EE9
                                        • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 04E90EF6
                                        • GetProcAddress.KERNEL32(00000000,GetCurrentActCtx), ref: 04E90F03
                                        • GetProcAddress.KERNEL32(00000000,OpenThread), ref: 04E90F10
                                        • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 04E90F1D
                                        • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 04E90F2A
                                        • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 04E90F37
                                        • GetProcAddress.KERNEL32(00000000,TlsSetValue), ref: 04E90F44
                                        • GetProcAddress.KERNEL32(00000000,GetThreadPreferredUILanguages), ref: 04E90F51
                                        • GetProcAddress.KERNEL32(00000000,AddVectoredExceptionHandler), ref: 04E90F5E
                                        • GetProcAddress.KERNEL32(00000000,RemoveVectoredExceptionHandler), ref: 04E90F6B
                                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 04E90F78
                                        • RtlAddVectoredExceptionHandler.NTDLL(00000001,04E667A0), ref: 04E90F86
                                          • Part of subcall function 04E93F10: RtlZeroMemory.NTDLL(00000000,00000008), ref: 04E93F1A
                                        • VirtualAlloc.KERNELBASE(00000000,00000025,00001000,00000040), ref: 04E90FB1
                                          • Part of subcall function 04E93F30: RtlMoveMemory.NTDLL(?,?,00000000), ref: 04E93F3F
                                          • Part of subcall function 04E9CD00: InterlockedCompareExchange.KERNEL32(04EC8D58,00000000,00000000), ref: 04E9CD82
                                          • Part of subcall function 04E9CD00: RtlAddVectoredExceptionHandler.NTDLL(00000001,04E9CAE0), ref: 04E9CD9F
                                        • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NW;;;LW),00000001,04EC8C2C,00000000), ref: 04E90FF3
                                        • GetSecurityDescriptorSacl.ADVAPI32(00972A48,?,04EC8C28,?), ref: 04E91022
                                        • InitializeSecurityDescriptor.ADVAPI32(04EC8C14,00000001), ref: 04E91033
                                        • SetSecurityDescriptorSacl.ADVAPI32(04EC8C14,00000001,00972A5C,?), ref: 04E91048
                                        • InitializeSecurityDescriptor.ADVAPI32(04EC8C00,00000001), ref: 04E91055
                                        • SetSecurityDescriptorDacl.ADVAPI32(04EC8C00,00000001,00000000,00000000), ref: 04E91062
                                        • VirtualAlloc.KERNELBASE(00000000,01000000,00001000,00000004), ref: 04E91076
                                        • GetSystemInfo.KERNEL32(04EC8ABC), ref: 04E9109F
                                        • GetVersionExW.KERNEL32(04EC8AE0), ref: 04E910B4
                                        • RtlUpcaseUnicodeChar.NTDLL(00000000), ref: 04E91114
                                        • GetCurrentProcess.KERNEL32(00000008,?), ref: 04E91169
                                        • OpenProcessToken.ADVAPI32(00000000), ref: 04E91170
                                        • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,?), ref: 04E91190
                                        • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,?,?), ref: 04E911BD
                                        • ConvertSidToStringSidW.ADVAPI32(00000000,?), ref: 04E911CF
                                        • LocalFree.KERNEL32(?,?,?), ref: 04E91213
                                        • FindCloseChangeNotification.KERNELBASE(?), ref: 04E9122B
                                        • RtlInitUnicodeString.NTDLL(04EC8AA8,Wow6432Node), ref: 04E9123D
                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 04E91261
                                        • HeapAlloc.KERNEL32(00000000), ref: 04E91268
                                        • LoadLibraryW.KERNELBASE(sxs.dll), ref: 04E912A3
                                        • GetProcAddress.KERNEL32(00000000,SxsGenerateActivationContext), ref: 04E912B8
                                        • GetProcAddress.KERNEL32(6FCA0000,SxspGeneratePolicyPathOnAssemblyIdentity), ref: 04E912CA
                                        • GetProcAddress.KERNEL32(6FCA0000,SxspGenerateManifestPathOnAssemblyIdentity), ref: 04E912DD
                                        • FindResourceW.KERNELBASE(6FCA0000,00000001,00000010), ref: 04E912F2
                                        • LoadResource.KERNEL32(6FCA0000,00000000), ref: 04E91302
                                        • LockResource.KERNEL32(00000000), ref: 04E91309
                                        • SizeofResource.KERNEL32(6FCA0000,00000000), ref: 04E91318
                                        • GetModuleHandleW.KERNEL32(ntdll.dll,RtlCreateActivationContext), ref: 04E9134C
                                        • GetProcAddress.KERNEL32(00000000), ref: 04E91353
                                        • LoadLibraryW.KERNEL32(advapi32.dll), ref: 04E9135F
                                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 04E9136C
                                        • LoadLibraryW.KERNELBASE(mpr.dll), ref: 04E91378
                                        • GetProcAddress.KERNEL32(00000000,WNetGetConnectionW), ref: 04E91385
                                        • GetProcessHeap.KERNEL32 ref: 04E9139E
                                        • HeapAlloc.KERNEL32(00000000), ref: 04E913A1
                                        • GetComputerNameW.KERNEL32(0097A7D0,?), ref: 04E913C2
                                        • GetLastError.KERNEL32 ref: 04E913C8
                                        • GetProcessHeap.KERNEL32(00000000,0097A7D0), ref: 04E913EB
                                        • HeapReAlloc.KERNEL32(00000000), ref: 04E913EE
                                        • GetComputerNameW.KERNEL32(00000000,?), ref: 04E913FF
                                        • GetCurrentProcessId.KERNEL32 ref: 04E91401
                                        • RegOpenKeyW.ADVAPI32(80000005,System,?), ref: 04E9143A
                                        • NtQueryKey.NTDLL(?,00000007,00000000,00010000,?), ref: 04E91458
                                        • NtQueryKey.NTDLL(?,00000005,00000000,00010000,?), ref: 04E9147C
                                        • RegCloseKey.ADVAPI32(?), ref: 04E914B0
                                        • RegOpenKeyW.ADVAPI32(80000005,System,?), ref: 04E914E7
                                        • NtQueryKey.NTDLL(?,00000007,00000000,00010000,?), ref: 04E91502
                                        • RegCloseKey.ADVAPI32(?), ref: 04E9151D
                                        • NtCreateKey.NTDLL(?,00020019,00000000,00000000,00000000), ref: 04E9157F
                                        • NtOpenKey.NTDLL(?,00020019,00000000), ref: 04E91630
                                        • NtQueryKey.NTDLL(?,00000000,00000000,00000000,?), ref: 04E91667
                                        • CloseHandle.KERNEL32(?), ref: 04E916BB
                                        • NtQueryAttributesFile.NTDLL(00000000,04EC8954), ref: 04E91734
                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 04E9175B
                                        • GetModuleHandleW.KERNEL32(ntdll,NtQueryObject), ref: 04E9177C
                                        • GetProcAddress.KERNEL32(00000000), ref: 04E91783
                                        • NtQueryInformationFile.NTDLL(04EC8954,?,?,00000008,00000013), ref: 04E917C5
                                        • SetLastError.KERNEL32 ref: 04E9180E
                                        • CreateActCtxW.KERNEL32(?), ref: 04E9181C
                                        • GetLastError.KERNEL32 ref: 04E91822
                                        • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:P(A;OICI;GA;;;WD),00000001,04EC896C,00000000), ref: 04E9187C
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: AddressProc$AllocDescriptorSecurity$Process$HeapLoadQuery$Library$CloseHandleOpenResourceString$ConvertCurrentErrorFileInformationLastModuleToken$ComputerCreateExceptionFindHandlerInitializeMemoryNameSaclSystemTimeUnicodeVectoredVirtual$AttributesChangeCharCompareCountDaclExchangeFreeInfoInitInterlockedLocalLockMoveNotificationSizeofTickUpcaseVersionWow64Zero
                                        • String ID: $ActivateActCtx$AddVectoredExceptionHandler$CreateActCtxW$D:P(A;OICI;GA;;;WD)$DbgPrint$DeactivateActCtx$GetCurrentActCtx$GetSystemWow64DirectoryW$GetThreadPreferredUILanguages$IsWow64Process$NtAcceptConnectPort$NtClose$NtCompleteConnectPort$NtConnectPort$NtCreateFile$NtCreateIoCompletion$NtCreateKey$NtCreateSection$NtCreateWaitablePort$NtMapViewOfSection$NtOpenDirectoryObject$NtOpenFile$NtOpenKey$NtOpenSymbolicLinkObject$NtQueryAttributesFile$NtQueryInformationFile$NtQueryInformationProcess$NtQueryKey$NtQueryObject$NtQuerySymbolicLinkObject$NtQueueApcThread$NtRemoveIoCompletion$NtReplyPort$NtReplyWaitReceivePort$NtRequestWaitReplyPort$NtSetIoCompletion$NtSetSecurityObject$NtUnmapViewOfSection$NtWaitForSingleObject$OpenThread$RegDeleteKeyExW$RemoveVectoredExceptionHandler$RtlCompareMemory$RtlCompareUnicodeString$RtlCreateActivationContext$RtlCreateSecurityDescriptor$RtlDosPathNameToNtPathName_U$RtlDowncaseUnicodeChar$RtlFreeUnicodeString$RtlInitUnicodeString$RtlMoveMemory$RtlRandom$RtlUpcaseUnicodeChar$RtlZeroMemory$S:(ML;;NW;;;LW)$SxsGenerateActivationContext$SxspGenerateManifestPathOnAssemblyIdentity$SxspGeneratePolicyPathOnAssemblyIdentity$System$This is a demo version of BoxedApp SDKThe full registered version doesn't show this notificationObtain a full version, purchas$TlsSetValue$WNetGetConnectionW$Wow6432Node$Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion$advapi32.dll$invalid_path$kernel32.dll$memset$mpr.dll$ntdll$ntdll.dll$sxs.dll
                                        • API String ID: 1202252573-2233602225
                                        • Opcode ID: 8614cf2e8b16f1172e6ea5609ba49a5f71d2326895488d8742cb9cbd59065f52
                                        • Instruction ID: 912364a0972e3024582fa3d7179412fbea190bbb69b9f92b33d46591d0d08f70
                                        • Opcode Fuzzy Hash: 8614cf2e8b16f1172e6ea5609ba49a5f71d2326895488d8742cb9cbd59065f52
                                        • Instruction Fuzzy Hash: B6728170A40304AFE754BF76ED49F5B7AE9FB84706F00582AF54497284EAB8AC05CF52
                                        APIs
                                        • _chkstk.NTDLL(04DFA0C1,?,?,?,?,?,?,?,00000000,?,00000000), ref: 04DFB205
                                        • TlsGetValue.KERNEL32(00000014,?), ref: 04DFB222
                                        • TlsSetValue.KERNEL32(00000014,-00000001), ref: 04DFB233
                                          • Part of subcall function 04E30B00: SetErrorMode.KERNELBASE(00000000,?,04DFB244,00000001), ref: 04E30B08
                                          • Part of subcall function 04E304A0: RtlInitUnicodeString.NTDLL(00000000,00000000), ref: 04E304B0
                                        • GetCurrentProcess.KERNEL32(00000017,?,00000024,00000000,00000004,00000004,00000005,?,?,\??\,00000001,?,?,00000001), ref: 04DFB359
                                        • NtQueryInformationProcess.NTDLL(?,?,\??\,00000001,?,?,00000001), ref: 04DFB369
                                        • WNetGetConnectionW.MPR(00000001,00000001,?), ref: 04DFB3FA
                                        • WNetGetConnectionW.MPR(00000001,00000001,?), ref: 04DFB44E
                                          • Part of subcall function 04E302E0: RtlInitUnicodeString.NTDLL(?,00000000), ref: 04E302E9
                                        • RtlCompareUnicodeString.NTDLL(00000000,00000000,00000001), ref: 04DFB656
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: StringUnicode$ConnectionInitProcessValue$CompareCurrentErrorInformationModeQuery_chkstk
                                        • String ID: \??\$\??\UNC$\??\Z:$\Device\
                                        • API String ID: 1319109772-2600112092
                                        • Opcode ID: 5e7af0bcbf073f1b46a62ac1bb4a8c31755bb65c7e13e5ffb1a28011f16630a0
                                        • Instruction ID: cafa32b193252774f2930d484611fc51eb97bd56c2e50bdcc942e9c8c4920ef9
                                        • Opcode Fuzzy Hash: 5e7af0bcbf073f1b46a62ac1bb4a8c31755bb65c7e13e5ffb1a28011f16630a0
                                        • Instruction Fuzzy Hash: 4DA26B716043409BE735EB60CC94AEFB3E9FF84705F01591DE68A5B294EB34B905CBA2

                                        Control-flow Graph

                                        APIs
                                        • GetCurrentProcessId.KERNEL32(?,00000000,?), ref: 04E94BD9
                                        • wsprintfW.USER32 ref: 04E94C0B
                                        • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32 ref: 04E94C3B
                                        • CreateMutexW.KERNELBASE(?,00000001,?), ref: 04E94C49
                                        • LocalFree.KERNEL32(?), ref: 04E94C5A
                                        • GetModuleHandleW.KERNEL32(ntdll.dll,NtSetSecurityObject,?), ref: 04E94C7B
                                        • GetProcAddress.KERNEL32(00000000), ref: 04E94C82
                                        • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NW;;;LW),00000001,?,00000000), ref: 04E94CC2
                                        • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?), ref: 04E94CEA
                                        • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 04E94CFB
                                        • SetSecurityDescriptorSacl.ADVAPI32(?,00000001,?,?), ref: 04E94D0E
                                        • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 04E94D3A
                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000), ref: 04E94D45
                                        • NtSetSecurityObject.NTDLL(00000000,00000010,?), ref: 04E94D53
                                        • NtSetSecurityObject.NTDLL(00000000,00000004,?), ref: 04E94D5D
                                        • LocalFree.KERNEL32(?), ref: 04E94D68
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Security$Descriptor$ConvertFreeInitializeLocalObjectSaclString$AddressCreateCurrentDaclHandleModuleMutexProcProcesswsprintf
                                        • String ID: %s_%.8x_%.8x_%.8x$D:P(A;OICI;GA;;;WD)$NtSetSecurityObject$S:(ML;;NW;;;LW)$bx_process_mutex$ntdll.dll
                                        • API String ID: 83868107-2474672594
                                        • Opcode ID: 1dd69b1c3bcdab3a8a420fb549d9930663617b4bb8f57650c436a0ef4fd41654
                                        • Instruction ID: 3880c31df89c6b1ad3c31b3dad8538a7d0f2f3d1ebc84bfc4507490cc7c0efdc
                                        • Opcode Fuzzy Hash: 1dd69b1c3bcdab3a8a420fb549d9930663617b4bb8f57650c436a0ef4fd41654
                                        • Instruction Fuzzy Hash: 20415DB1108344AFD310DF65EC85EAFB7E9EB88705F40491EF684D2280E7B9ED458B66

                                        Control-flow Graph

                                        [Control-flow graph (executed / not executed nodes) for the function at 4e7e190; API calls named in the graph: CreateProcessW, GetCurrentProcess, memcpy, GetCurrentProcessId, GetConsoleWindow, TerminateProcess, ResumeThread]
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Current$ErrorFileLastLocalPrintProcessThreadTimeWrite
                                        • String ID: /c $ /c "$ to run the process$) reaches maximum $. Returning with FALSE.$Attempt #$Attempts count ($ComSpec$EXTENDED_STARTUPINFO_PRESENT presents, but we experienced problems when this flag specified. Current implementation clears this fl$This attempt will use a stub file created on a disk if virtual process is going to be started$sysapi/process
                                        • API String ID: 1560495884-1108957309
                                        • Opcode ID: 6bdad5f1035d60f21015c6f216cdee5832ee5de94f97b1e056f8ddabfd1730d0
                                        • Instruction ID: 3ed7a7005ec0fb8360b71a0062fb30f53250414fdafca382c5ab8268b85b9c79
                                        • Opcode Fuzzy Hash: 6bdad5f1035d60f21015c6f216cdee5832ee5de94f97b1e056f8ddabfd1730d0
                                        • Instruction Fuzzy Hash: 9D726EB1608380AFD730DF69D880A9BB7E5FFC9718F00995DE58987251EB31B905CB92

                                        Control-flow Graph

                                        [Control-flow graph (executed / not executed nodes) for the function at 4e6e640; API calls named in the graph: NtDeviceIoControlFile, NtOpenFile, CloseHandle]
                                        APIs
                                          • Part of subcall function 04E30AB0: GetLastError.KERNEL32(04F51C80,04E66E1D,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AB3
                                        • NtDeviceIoControlFile.NTDLL ref: 04E6E6B9
                                          • Part of subcall function 04E50510: GetLocalTime.KERNEL32 ref: 04E50559
                                          • Part of subcall function 04E50510: GetCurrentProcessId.KERNEL32(04EB3000,?,04E9E704,?,04E9DFD8,?,04E9DFD8,75922E80,04EB3000,?,04EB3004,?,04EB3004,75922E80,bx:), ref: 04E50628
                                          • Part of subcall function 04E50510: GetCurrentThreadId.KERNEL32 ref: 04E50644
                                          • Part of subcall function 04E4D390: DbgPrint.NTDLL ref: 04E4D3A9
                                          • Part of subcall function 04E4D390: WriteFile.KERNEL32(00000000,04F51C80,?,?,00000000,?,?,?,?,?,?,?,?,?,04E2C505,?), ref: 04E4D3D6
                                        • NtOpenFile.NTDLL(00000000,00100001,00000000,00000000,00000000,00000040), ref: 04E6E8D0
                                          • Part of subcall function 04E4F790: wsprintfA.USER32 ref: 04E4F967
                                          • Part of subcall function 04E4F790: memcpy.NTDLL(00000000,-00000001,?), ref: 04E4FA06
                                          • Part of subcall function 04E4F790: wsprintfA.USER32 ref: 04E4FAAD
                                          • Part of subcall function 04E94070: HeapFree.KERNEL32(02D20000,00000001,?,04EC8948,04EC8944,?,?,?,?,?,?,?,04E36417,00000001,?), ref: 04E94098
                                          • Part of subcall function 04E93F30: RtlMoveMemory.NTDLL(?,?,00000000), ref: 04E93F3F
                                        • CloseHandle.KERNEL32(?), ref: 04E6EBA6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: File$Currentwsprintf$CloseControlDeviceErrorFreeHandleHeapLastLocalMemoryMoveOpenPrintProcessThreadTimeWritememcpy
                                        • String ID: " doesn't match template \??\<drive>:$" failed, status = $" succeed, handle = $" succeed, returned handle id virtual$" succeed, returned handle is not virtual$4$: NtOpenFile("$: input: "$: original NtDeviceIoControlFile() returned STATUS_OBJECT_NAME_NOT_FOUND, going to check if virtual drive is requested, input: "$BoxedApp::CBoxedAppCore::My_NtDeviceIoControlFile$core
                                        • API String ID: 872436723-19479661
                                        • Opcode ID: b28038461b2ccdfbd17a1a22c911167a1d06c55bf599d43245c657eca0a08df8
                                        • Instruction ID: 8ba45daa331e4ff3c2b21903371034e88a41a3f93696cf3179994b2c772a012b
                                        • Opcode Fuzzy Hash: b28038461b2ccdfbd17a1a22c911167a1d06c55bf599d43245c657eca0a08df8
                                        • Instruction Fuzzy Hash: 91E14B70744301ABEB18FB74DC94DAF73A5AFC4648F406D2CA19697194EE34F909CB92

                                        Control-flow Graph

                                        APIs
                                        • ResetEvent.KERNEL32(?), ref: 04DD982F
                                        • RtlCompareUnicodeString.NTDLL(?,00000000,04E9E708), ref: 04DD9AF5
                                          • Part of subcall function 04E93F30: RtlMoveMemory.NTDLL(?,?,00000000), ref: 04E93F3F
                                          • Part of subcall function 04DF75F0: GetCurrentThreadId.KERNEL32 ref: 04DF75F9
                                          • Part of subcall function 04DF75F0: InterlockedCompareExchange.KERNEL32(?,00000000), ref: 04DF7615
                                          • Part of subcall function 04DF75F0: InterlockedExchange.KERNEL32(?,00000000), ref: 04DF7652
                                          • Part of subcall function 04DF75F0: InterlockedDecrement.KERNEL32(?), ref: 04DF7663
                                          • Part of subcall function 04DF75F0: ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,?,?,04DDA1AE,?,00000000), ref: 04DF7671
                                          • Part of subcall function 04DF77E0: GetCurrentThreadId.KERNEL32 ref: 04DF77E9
                                          • Part of subcall function 04DF77E0: InterlockedCompareExchange.KERNEL32(?,00000000), ref: 04DF7805
                                          • Part of subcall function 04DF77E0: InterlockedExchange.KERNEL32(?,00000000), ref: 04DF783B
                                          • Part of subcall function 04DF77E0: InterlockedDecrement.KERNEL32(?), ref: 04DF784C
                                          • Part of subcall function 04DF77E0: ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,?,04DDA676,?,?), ref: 04DF785A
                                          • Part of subcall function 04DF7A60: GetCurrentThreadId.KERNEL32 ref: 04DF7A6A
                                          • Part of subcall function 04DF7A60: InterlockedCompareExchange.KERNEL32(?,00000000), ref: 04DF7A86
                                          • Part of subcall function 04DF7A60: InterlockedExchange.KERNEL32(?,00000000), ref: 04DF7ACC
                                          • Part of subcall function 04DF7A60: InterlockedDecrement.KERNEL32(?), ref: 04DF7ADD
                                          • Part of subcall function 04DF7A60: ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,?,?,04DDA6AE,?,?,?), ref: 04DF7AEB
                                          • Part of subcall function 04DF7690: GetCurrentThreadId.KERNEL32 ref: 04DF7699
                                          • Part of subcall function 04DF7690: InterlockedCompareExchange.KERNEL32(?,00000000), ref: 04DF76B5
                                          • Part of subcall function 04DF7690: InterlockedExchange.KERNEL32(?,00000000), ref: 04DF76E8
                                          • Part of subcall function 04DF7690: InterlockedDecrement.KERNEL32(?), ref: 04DF76F9
                                          • Part of subcall function 04DF7690: ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,?,04DDA6C0,?,?,?), ref: 04DF7707
                                        • RtlCompareUnicodeString.NTDLL(?,00000000,00000001), ref: 04DD9BB4
                                          • Part of subcall function 04E302E0: RtlInitUnicodeString.NTDLL(?,00000000), ref: 04E302E9
                                        • SetEvent.KERNEL32(?), ref: 04DDA71F
                                        • GetCurrentThread.KERNEL32 ref: 04DDA734
                                        • NtQueueApcThread.NTDLL(00000000), ref: 04DDA73B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Interlocked$Exchange$CompareThread$Current$DecrementReleaseSemaphore$StringUnicode$Event$InitMemoryMoveQueueReset
                                        • String ID: strOriginalPath = $, strFullDestPath: $[Isolation] NtQueryDirectoryInternal$core
                                        • API String ID: 3472816904-3104226743
                                        • Opcode ID: 95824fdf2bb5b014fd595ecebcdc26fac49b510274e71b90ae54d22636122bb2
                                        • Instruction ID: 2c1d9c4e6f2cba2729d18c9ae72a96bc61939e0b29cdd3effdda07d87ef3867e
                                        • Opcode Fuzzy Hash: 95824fdf2bb5b014fd595ecebcdc26fac49b510274e71b90ae54d22636122bb2
                                        • Instruction Fuzzy Hash: 11924F712043419FE715EF64C894EAFB3E9AFD8318F10491DE58A87294EB34F945CBA2

                                        Control-flow Graph

                                        APIs
                                          • Part of subcall function 04E30AB0: GetLastError.KERNEL32(04F51C80,04E66E1D,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AB3
                                        • TlsGetValue.KERNEL32(00000014), ref: 04E80D73
                                        • NtOpenFile.NTDLL ref: 04E80DC0
                                          • Part of subcall function 04E30AE0: GetLastError.KERNEL32(00000000,04E66E83,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AE3
                                          • Part of subcall function 04E30AE0: SetLastError.KERNEL32(00000000,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AEE
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ErrorLast$FileOpenValue
                                        • String ID: , DesiredAccess: $, OpenOptions: $, ShareAccess: $, handle: $, status: $CBoxedAppCore::My_NtOpenFile, szPath: $core
                                        • API String ID: 3752247634-1122634519
                                        • Opcode ID: 2399acf54704b43a9ab067e65c946f2337efdadc37f36347c8583a393cd1d9a4
                                        • Instruction ID: 84def71eb2e2058ca96bee3afc05182ce1c45fd3007fa6f93c5c68b7404d94c9
                                        • Opcode Fuzzy Hash: 2399acf54704b43a9ab067e65c946f2337efdadc37f36347c8583a393cd1d9a4
                                        • Instruction Fuzzy Hash: 69A13171A14300ABEB14EF64D850A6FB7E9AFC4B08F005D2DB489D7251EA74FD05CB92

                                        Control-flow Graph

                                        APIs
                                        • TlsGetValue.KERNEL32(00000014,00000000,?,00000000,04E97792,?,00000010,04EC8C14,00000000,04E6F12E,00000000,?,?,?,00000000,?), ref: 04E67B0F
                                        • TlsSetValue.KERNEL32(00000014,-00000001,?,?,?,00000000,?), ref: 04E67B22
                                        • NtSetSecurityObject.NTDLL(?,?,?), ref: 04E67B3C
                                        • TlsGetValue.KERNEL32(00000014,?,?,?,00000000,?), ref: 04E67B4B
                                        • TlsSetValue.KERNEL32(00000014,-00000001,?,?,?,00000000,?), ref: 04E67B57
                                        • NtSetSecurityObject.NTDLL(?,?,?,00000000,?), ref: 04E67B76
                                        • TlsGetValue.KERNEL32(00000014,?,?,?,00000000,?), ref: 04E67B80
                                        • TlsSetValue.KERNEL32(00000014,-00000001,?,?,?,00000000,?), ref: 04E67B8D
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Value$ObjectSecurity
                                        • String ID:
                                        • API String ID: 2619037843-0
                                        • Opcode ID: 27bdc781b4484093867e4c6aa21cf7a69d73e83c9e4f7e1a6413d2a8ec5b2d73
                                        • Instruction ID: ddf189b1627d3d80a386ab825a87e6ff3bca3e16455db6fc6b7668bd6dca7b2e
                                        • Opcode Fuzzy Hash: 27bdc781b4484093867e4c6aa21cf7a69d73e83c9e4f7e1a6413d2a8ec5b2d73
                                        • Instruction Fuzzy Hash: 0911FEB6710215AFC600FFAEEE84C6677EEFBD82567044929F504C3315CA39EC068B61
                                        APIs
                                        • GetCurrentProcess.KERNEL32(00000000,?,00000018,00000000,00000000,?,?,?,?,?,?,?,?,?,?,04E7DC4F), ref: 04E7DAC6
                                        • NtQueryInformationProcess.NTDLL(00000000), ref: 04E7DACD
                                          • Part of subcall function 04E302E0: RtlInitUnicodeString.NTDLL(?,00000000), ref: 04E302E9
                                        • RtlCompareUnicodeString.NTDLL(?,00000000,comdlg32.dll), ref: 04E7DAFC
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ProcessStringUnicode$CompareCurrentInformationInitQuery
                                        • String ID: comdlg32.dll
                                        • API String ID: 950093785-3498487378
                                        • Opcode ID: 8bd3463dcfb9b27183fbcce7670526e7032b448bfa6a21d12584490dac7bead6
                                        • Instruction ID: bfe319f6ac83b5a7ae7eaa0eaebd276f992e7417592449e4d70549932b92be47
                                        • Opcode Fuzzy Hash: 8bd3463dcfb9b27183fbcce7670526e7032b448bfa6a21d12584490dac7bead6
                                        • Instruction Fuzzy Hash: EB0162712042006FD714DF51C885E9BB3A9FF88266F04852DFD8697245EA34FC49C7A1
                                        APIs
                                          • Part of subcall function 04E30AB0: GetLastError.KERNEL32(04F51C80,04E66E1D,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AB3
                                        • NtQueryInformationProcess.NTDLL ref: 04E6D332
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ErrorInformationLastProcessQuery
                                        • String ID: \??\
                                        • API String ID: 932940343-3047946824
                                        • Opcode ID: f7a62ab46b67cd9aca83b2bcd838c56e98e1cb46f545b407cc93b5272706752b
                                        • Instruction ID: 3eb6fbc0402297e4ee3fcb7f881342be644b1409e48951ffb387dada0272f0cd
                                        • Opcode Fuzzy Hash: f7a62ab46b67cd9aca83b2bcd838c56e98e1cb46f545b407cc93b5272706752b
                                        • Instruction Fuzzy Hash: 3FB148B16083419BD720EF14D880DAFB3E9AFC8748F44591DF58A87255EB34FA45CBA2
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: File$Open$DirectoryQuery
                                        • String ID:
                                        • API String ID: 1030887729-0
                                        • Opcode ID: 479638c93ed4c31215cd0c48a6e747784a262279d91480f43621fb7c34b64ef8
                                        • Instruction ID: a740ebd47774bcb98c58039b1e89f29bb3e8dcc7a271f65c3bcc91afb48705f2
                                        • Opcode Fuzzy Hash: 479638c93ed4c31215cd0c48a6e747784a262279d91480f43621fb7c34b64ef8
                                        • Instruction Fuzzy Hash: C661A375700200ABEB25EBA4CC94FBF73A9AF88718F01051DFA469B284DA34FD44C791
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2759653882.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_2650000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Tjq$d
                                        • API String ID: 0-4176660553
                                        • Opcode ID: bcd67eba402c551db8e8e66b49962d18e00c3220bec3834ce9c06a746147ee51
                                        • Instruction ID: 84dda0bd55a4216c766470a6b0101b576a203452ccad6d4eb2f04cca74ecce9a
                                        • Opcode Fuzzy Hash: bcd67eba402c551db8e8e66b49962d18e00c3220bec3834ce9c06a746147ee51
                                        • Instruction Fuzzy Hash: 82B24C76A102159FCF06CF94C984D99BBB6FF48310B0A81E5E6099F272C732E9A5DF50
                                        APIs
                                          • Part of subcall function 04E30AB0: GetLastError.KERNEL32(04F51C80,04E66E1D,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AB3
                                        • TlsGetValue.KERNEL32(00000014), ref: 04E85F43
                                        • NtClose.NTDLL ref: 04E85F69
                                          • Part of subcall function 04E30AE0: GetLastError.KERNEL32(00000000,04E66E83,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AE3
                                          • Part of subcall function 04E30AE0: SetLastError.KERNEL32(00000000,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AEE
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ErrorLast$CloseValue
                                        • String ID:
                                        • API String ID: 3977708301-0
                                        • Opcode ID: d857deba2e10f792a72ef97d4ced995ed7eafeb34ac31be7384222c8f0f8cb35
                                        • Instruction ID: a736e70f6c2cb1d86c9359ea5c693966beaaa9522fb544587b94b1e850736be3
                                        • Opcode Fuzzy Hash: d857deba2e10f792a72ef97d4ced995ed7eafeb34ac31be7384222c8f0f8cb35
                                        • Instruction Fuzzy Hash: 0B114A72204211ABC704FB68EC80C9BB3A9BF98655B04852DF94AC7255DB34FD4ACBA1
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2759653882.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_2650000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Tjq
                                        • API String ID: 0-3168684612
                                        • Opcode ID: 811917d1c0bea7e7e12ae1bf1b10677eecb3488dd3f9e0eb811be029ac6ca5c1
                                        • Instruction ID: 09ba386d79ad5a538346a219eba35b25f6a49cdafc1e7e1eb3235ef93b8580c7
                                        • Opcode Fuzzy Hash: 811917d1c0bea7e7e12ae1bf1b10677eecb3488dd3f9e0eb811be029ac6ca5c1
                                        • Instruction Fuzzy Hash: 4852A076A10616AFCF468F94DD44D95BBB2BF4C310B0A81D4E6096F236C732E9A5EF40
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2759653882.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_2650000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 990a4a169e18825fa5556fb07eec02fe781d7d0dd91ccd5c588c4a5c48787b5d
                                        • Instruction ID: ccf50a49f9e8d2dd4f03e54320e316e6af8f4dbace2922147376530ec0a8b9d1
                                        • Opcode Fuzzy Hash: 990a4a169e18825fa5556fb07eec02fe781d7d0dd91ccd5c588c4a5c48787b5d
                                        • Instruction Fuzzy Hash: 35E2D532F002258BCB54AF79D9546ADBAE3AFC5300F4545AED80EEB366DE748D458F80
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2759653882.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_2650000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 515af000c79d561a368ce7d15fe94e33a11475b5ca09f2549bfe815e3582b895
                                        • Instruction ID: cb2efd6617d66788f0a18568c73696b9da71e08b9ccb5947ef07c2943b1f85fb
                                        • Opcode Fuzzy Hash: 515af000c79d561a368ce7d15fe94e33a11475b5ca09f2549bfe815e3582b895
                                        • Instruction Fuzzy Hash: 34E2E532F102258BCB54AF79D9546ADB6E3AFC4300F4585AED80EEB366DE748D458F80
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2759653882.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_2650000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: be22d8342a7e2d3fdf3fbed2153ebe70075c9096f753b3b49ef26db0207c5ce7
                                        • Instruction ID: 552bd4f44939b06142ef86b1b8ca811194379acfc40369ab5e5d5d268bf68f12
                                        • Opcode Fuzzy Hash: be22d8342a7e2d3fdf3fbed2153ebe70075c9096f753b3b49ef26db0207c5ce7
                                        • Instruction Fuzzy Hash: 2AE2D532F102258BCB54AF79D9546ADB6E3AFC8300F4545AED80EEB366DE748D458F80
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2759653882.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_2650000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 278f8dabb9b5769f7599bbf795fe5c4162743cb581b6338039e65e1cc51f7674
                                        • Instruction ID: f0ccee2e83ec18ce52432935fdae51d5f42cb66c5ca1cef9442640f7c00ae091
                                        • Opcode Fuzzy Hash: 278f8dabb9b5769f7599bbf795fe5c4162743cb581b6338039e65e1cc51f7674
                                        • Instruction Fuzzy Hash: 44E2D532F102258BCB54AF79D9546ADB6E3AFC8300F4545AED80EEB366DE748D458F80
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2759653882.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_2650000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 74e61791f70a9d6d2ea83c29606686dfbd4795cfcd46707300036d15a7d7d580
                                        • Instruction ID: ce351e8fa9c2faef767b0f9e33d184e3d5ac26239ed89346ae2e6b7a74a4475d
                                        • Opcode Fuzzy Hash: 74e61791f70a9d6d2ea83c29606686dfbd4795cfcd46707300036d15a7d7d580
                                        • Instruction Fuzzy Hash: 2AE2D532F102258BCB54AF79D9546ADB6E3AFC4300F4545AED80EEB366DE748D458F80
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2759653882.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_2650000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: af890c4591104a1ff15cef818e9b41917f0861ab26431a1534a7b7bdd43e7016
                                        • Instruction ID: 77379b6774b0aa4f97141268c034336e40d016a980c65383fae885e957f0767f
                                        • Opcode Fuzzy Hash: af890c4591104a1ff15cef818e9b41917f0861ab26431a1534a7b7bdd43e7016
                                        • Instruction Fuzzy Hash: F1E2D532F102258BCB54AF79D9546ADB6E3AFC8300F4545AED80EEB366DE748D458F80
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2759653882.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_2650000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 86343c9e6d882cc75deb3d54c7a7f63665fada9fdddc6238bed2c14f172b3276
                                        • Instruction ID: 9bdd9cb9daefb5da5eeb30cd75cdafdd0aec037a81312367765a5490bf46b0f6
                                        • Opcode Fuzzy Hash: 86343c9e6d882cc75deb3d54c7a7f63665fada9fdddc6238bed2c14f172b3276
                                        • Instruction Fuzzy Hash: FBE2D632F102258BCB54AF79D9546ADB6E3AFC4300F4585AED80EEB366DE748D458F80
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2759653882.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_2650000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c6a6b2910b5abc93927b1e9f46ef57a9ec61bd2ce5cb7b68ffe6088d4cb79ecf
                                        • Instruction ID: 0286cafa46dded15dd0ff9b916a118fe96f2b7de12c6a32f6d68311737ced394
                                        • Opcode Fuzzy Hash: c6a6b2910b5abc93927b1e9f46ef57a9ec61bd2ce5cb7b68ffe6088d4cb79ecf
                                        • Instruction Fuzzy Hash: 60E2E632F102258BCB54AF79D9546ADB6E3AFC8300F4545AED80EEB366DE748D458F80
                                        APIs
                                        • NtOpenFile.NTDLL ref: 04DFF61F
                                          • Part of subcall function 04E665A0: NtClose.NTDLL ref: 04E665BF
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: CloseFileOpen
                                        • String ID:
                                        • API String ID: 284361766-0
                                        • Opcode ID: 32a67d6123a4307eb85fdc09194c47029f1fff63242f7be067f250d755c822ba
                                        • Instruction ID: 98b4c83f9b40c34b78799b7e4db65ad5dde0ebb87873f9479637b7fdf36620d6
                                        • Opcode Fuzzy Hash: 32a67d6123a4307eb85fdc09194c47029f1fff63242f7be067f250d755c822ba
                                        • Instruction Fuzzy Hash: B001A2B1B042106BEA14E7A8CC95B5B33D86F4C719F000918F699E72C4EA74E944CBD6
                                        APIs
                                        • NtQueryDirectoryFile.NTDLL ref: 04E4C39A
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: DirectoryFileQuery
                                        • String ID:
                                        • API String ID: 3295332484-0
                                        • Opcode ID: 0048ddb49c16115757e8f1410dcebe5c8d5bc76a5152452a0bbe9e5c08f03214
                                        • Instruction ID: 2d0b8577e08db67978c5cbfa836b820559bb86f7a729404a55d6bbcd47144b92
                                        • Opcode Fuzzy Hash: 0048ddb49c16115757e8f1410dcebe5c8d5bc76a5152452a0bbe9e5c08f03214
                                        • Instruction Fuzzy Hash: E9F0BDB62046019FC240DA9DC980D5BBBF9AFCC659F148B1CF55CE3225D634EA918B62
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: CreateFile
                                        • String ID:
                                        • API String ID: 823142352-0
                                        • Opcode ID: a23b8f392a50c1ada6cd01fac28056206674cedf29ba309e2088b673b1481cde
                                        • Instruction ID: df608fcd0d7f3c87d7078e369a95c6879695fa60287ad997f1874230eadffa80
                                        • Opcode Fuzzy Hash: a23b8f392a50c1ada6cd01fac28056206674cedf29ba309e2088b673b1481cde
                                        • Instruction Fuzzy Hash: 0DF0BDB52086009FC240DB9DC880D4BBBF9AFCC669F148B1CF55CE3225D634EA918B62
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ControlFile
                                        • String ID:
                                        • API String ID: 1795486800-0
                                        • Opcode ID: 1db4e37168f2f6f59290021a9df2b284e9f7ddbaa2a4cbb6b5890f95fbc3c71c
                                        • Instruction ID: 6acdf18fbf9de962df07d7c518a7041dfeb3c2aa9eec5a0700b003d3e9b25018
                                        • Opcode Fuzzy Hash: 1db4e37168f2f6f59290021a9df2b284e9f7ddbaa2a4cbb6b5890f95fbc3c71c
                                        • Instruction Fuzzy Hash: 15F0BAB52056009FC240DB5ACA80D1BB7F9AFCCB19F108A9CB15CE3255D634FE118B62
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: SectionView
                                        • String ID:
                                        • API String ID: 1323581903-0
                                        • Opcode ID: 08f0f82d85b977ebbd5388824650de67f16d7b35c08c0c7e30fc4dbd20d6f7d2
                                        • Instruction ID: 437b698c0228c2e70ae93ee95cb579030146911c8fed6e64e4fd710b847a5489
                                        • Opcode Fuzzy Hash: 08f0f82d85b977ebbd5388824650de67f16d7b35c08c0c7e30fc4dbd20d6f7d2
                                        • Instruction Fuzzy Hash: 16F0BAB52056009FC240DB5ACA80D1BB7F9AFCCB09F108A9CB19CE3255D634FE118B62
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: FileWrite
                                        • String ID:
                                        • API String ID: 3934441357-0
                                        • Opcode ID: b4ab4eecf28c20f663d5e5657161349464704dbda0ee71fa8b8dd615ad378eb5
                                        • Instruction ID: eaa6664a9275168b8ed6c4a53a726579206f84f389905149afb3adda2ec2d63f
                                        • Opcode Fuzzy Hash: b4ab4eecf28c20f663d5e5657161349464704dbda0ee71fa8b8dd615ad378eb5
                                        • Instruction Fuzzy Hash: AAF0C8B52046409FC344DA99C980D1BB7F9BFCC609F148A5CB1DCE3215D638EA118B62
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: FileRead
                                        • String ID:
                                        • API String ID: 2738559852-0
                                        • Opcode ID: 53f26f02c1b5c58959579f60040d9bd7c68e30eea908965ffae610e3a4d7c11a
                                        • Instruction ID: 5ac6fe84b7c7938179dc5fa037bb2a8885279ad694d0abaacffc7606315e088f
                                        • Opcode Fuzzy Hash: 53f26f02c1b5c58959579f60040d9bd7c68e30eea908965ffae610e3a4d7c11a
                                        • Instruction Fuzzy Hash: 6BF0C8B52046409FC344DA99C980D1BB7F9BFCC609F148A5CB1DDE3215D639EA118B62
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: CreateSection
                                        • String ID:
                                        • API String ID: 2449625523-0
                                        • Opcode ID: 5ee3d0ee30ad324c1756ac01181e5d96cf4b50130bdf2975ac3491b1fad9b806
                                        • Instruction ID: 7b196da1dc8bb72bc0bfcb30607391edacf9b34f6d71494f4ce8af043e73480a
                                        • Opcode Fuzzy Hash: 5ee3d0ee30ad324c1756ac01181e5d96cf4b50130bdf2975ac3491b1fad9b806
                                        • Instruction Fuzzy Hash: 82E0FDB56046019FC240DF99C890D4BB7F9AFDC645F10851CB559C3226D634E8468BA1
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: DuplicateObject
                                        • String ID:
                                        • API String ID: 3677547684-0
                                        • Opcode ID: 770a18ad11084eb973916198bc4cdd8fde85832ff5d0aa6553bb3bb3463e902c
                                        • Instruction ID: d1765df1bf739777318f0952997dbe13b56ce61bf3ec6fd8620203b212597095
                                        • Opcode Fuzzy Hash: 770a18ad11084eb973916198bc4cdd8fde85832ff5d0aa6553bb3bb3463e902c
                                        • Instruction Fuzzy Hash: 1AE00AB5204602AFC240DF9DC880D4BBBF9AFEC745F10891CB559D3226D734E986CBA2
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: FileOpen
                                        • String ID:
                                        • API String ID: 2669468079-0
                                        • Opcode ID: 642740972bf9e0f697aa6d9f0f3bfa607118ba45c7536fd524de0611f4355ae0
                                        • Instruction ID: debf34378607d4d6d3bc3bcc9e5e801183b4700243fac810beee5213627d27b5
                                        • Opcode Fuzzy Hash: 642740972bf9e0f697aa6d9f0f3bfa607118ba45c7536fd524de0611f4355ae0
                                        • Instruction Fuzzy Hash: 5DE002B52046029FC240DF59DA80D1BB7F9AFCCA01F108919B159E7225D634ED09DB72
                                        APIs
                                        • NtQueryVolumeInformationFile.NTDLL ref: 04E4C4EC
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: FileInformationQueryVolume
                                        • String ID:
                                        • API String ID: 634242254-0
                                        • Opcode ID: 04660361b98ff8eae3d3d037eddb4678e1dc5050bd83cf8b4b3e4227a1505e37
                                        • Instruction ID: 1fc03c2d7553ddedbdcb04b3ae25d5903419966b8190213ae572ef3acfbeb3d1
                                        • Opcode Fuzzy Hash: 04660361b98ff8eae3d3d037eddb4678e1dc5050bd83cf8b4b3e4227a1505e37
                                        • Instruction Fuzzy Hash: BCE02DB52043429BC240DF99C980D1BB3F9BFCC601F14891CB169D3215C734E8058B62
                                        APIs
                                        • NtSetInformationFile.NTDLL ref: 04E4C13C
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: FileInformation
                                        • String ID:
                                        • API String ID: 4253254148-0
                                        • Opcode ID: 4b4902281e1fb7a5b57456c95ac936febfc30ef0dd93250572c871abafd7967d
                                        • Instruction ID: 4cd9d4c6a33a455095058ceb247293be596cc5d052c87e4e2461c793d2032305
                                        • Opcode Fuzzy Hash: 4b4902281e1fb7a5b57456c95ac936febfc30ef0dd93250572c871abafd7967d
                                        • Instruction Fuzzy Hash: 6AE02DB52053429BC240DF99C980D1BB3E9BFCC605F14891CB1A9D3225C734E8158B62
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Close
                                        • String ID:
                                        • API String ID: 3535843008-0
                                        • Opcode ID: 391f264cfc88566effa86ea6048a90dcbb0e30f3a0443de849f97f9063f54f63
                                        • Instruction ID: 170074aecaf8e8d9fd9d465f0d2b7fe9b81843c8ffef084a44b9d8144bbc48d2
                                        • Opcode Fuzzy Hash: 391f264cfc88566effa86ea6048a90dcbb0e30f3a0443de849f97f9063f54f63
                                        • Instruction Fuzzy Hash: 7CD017316441028BCA00DB74D981E5573E5FB68741B0485B5E009C7294CA38EC46CB01
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ObjectSecurity
                                        • String ID:
                                        • API String ID: 2240786066-0
                                        • Opcode ID: 14397fa485a07609cf2c6df1e87c9638250e6d99b1f5d169964bb907302802f6
                                        • Instruction ID: fa453ef87d5174a4bfa5584fa04246c7f58bbe9b88d09d5d662ec984b90e1ae6
                                        • Opcode Fuzzy Hash: 14397fa485a07609cf2c6df1e87c9638250e6d99b1f5d169964bb907302802f6
                                        • Instruction Fuzzy Hash: DCD09275204201AFC200DB98C880E0BB7E9FFDC305F10C528B5A8C3229CA34E841CB51
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: OpenSection
                                        • String ID:
                                        • API String ID: 1950954290-0
                                        • Opcode ID: 83cf05927a25d33bd873b0157c59824ff41e3edbb1e8d8f07430936a0c90fa19
                                        • Instruction ID: c00e2d465db5321b044193f769ff9b005bd2b5dc5aa447fbf817a92e9385117e
                                        • Opcode Fuzzy Hash: 83cf05927a25d33bd873b0157c59824ff41e3edbb1e8d8f07430936a0c90fa19
                                        • Instruction Fuzzy Hash: 00D09275204201AFC200DB98C884E0BB7E9EFCC305F10C518B56CC3225CA34E841CB61
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Open
                                        • String ID:
                                        • API String ID: 71445658-0
                                        • Opcode ID: e846e0999811f36a60c65f0b2fa6aecb9ca0711abfc11aaeb8d9b90c124c79c6
                                        • Instruction ID: e9ee519ddac4f1b549e15cb3d4c82d9c21f91f062dafa6dff0403e4a3ea4d6a3
                                        • Opcode Fuzzy Hash: e846e0999811f36a60c65f0b2fa6aecb9ca0711abfc11aaeb8d9b90c124c79c6
                                        • Instruction Fuzzy Hash: F2D09275204201AFC200EB98C880E0BB7F9EFCC305F10C519B568C7225CA34E841CB61
                                        APIs
                                        • NtUnmapViewOfSection.NTDLL ref: 04E4C2AD
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: SectionUnmapView
                                        • String ID:
                                        • API String ID: 498011366-0
                                        • Opcode ID: b5b44857fded33acac95caa2b8398ab422c098d1221bfc1e30858d41f4e6689c
                                        • Instruction ID: 29356a572505e3940cd884e0c6567b8d1697dca471d9ad875ded6a071e8efe23
                                        • Opcode Fuzzy Hash: b5b44857fded33acac95caa2b8398ab422c098d1221bfc1e30858d41f4e6689c
                                        • Instruction Fuzzy Hash: 52D0CA74200200AFC200EB28CA80E1BB7A9BFC8301B10C628A09893269CA34EC01DB51
                                        APIs
                                        • NtQueryAttributesFile.NTDLL ref: 04E4C3BD
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: AttributesFileQuery
                                        • String ID:
                                        • API String ID: 2106648053-0
                                        • Opcode ID: 315d2f4b215137869164198c3b3d23eaccac0193b083527b71505ecfacb4e64c
                                        • Instruction ID: 44fcc66bb7abb6d2b6b0feaafc82976329e826a05921f87f1081b1e71c89e46f
                                        • Opcode Fuzzy Hash: 315d2f4b215137869164198c3b3d23eaccac0193b083527b71505ecfacb4e64c
                                        • Instruction Fuzzy Hash: 9ED0CA78205200ABC200EB28CA80E1BB7A9AFCC301B10C568A09883229CA38EC029A11
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Close
                                        • String ID:
                                        • API String ID: 3535843008-0
                                        • Opcode ID: 173d9df2f36c615babb380dcdc769afc829321b60351e30f78627e5af1b1180c
                                        • Instruction ID: cb3947ef6e188f07c0de6b6ec190446bbcbaabfd86d3c722d2c26e426ba35679
                                        • Opcode Fuzzy Hash: 173d9df2f36c615babb380dcdc769afc829321b60351e30f78627e5af1b1180c
                                        • Instruction Fuzzy Hash: 3BC012706042008BC200EB68C984A0A73A5EBAC341F008028A01C87206CA38FC02CA00

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        APIs
                                        • GetCurrentProcessId.KERNEL32(00000020), ref: 04E377E4
                                        • GetCurrentThreadId.KERNEL32 ref: 04E377F8
                                        • GetCurrentProcessId.KERNEL32 ref: 04E3780A
                                        • OpenProcess.KERNEL32(001F0FFF,00000000,00000000), ref: 04E37818
                                        • wsprintfW.USER32 ref: 04E3785B
                                        • CreateMutexW.KERNELBASE(00000000,00000000,?), ref: 04E3786C
                                        • wsprintfW.USER32 ref: 04E378D3
                                        • CreateMutexW.KERNELBASE(00000000,00000000,?), ref: 04E378E4
                                        • OpenMutexW.KERNEL32(00100000,?,?), ref: 04E37924
                                        • wsprintfW.USER32 ref: 04E37978
                                        • CreateMutexW.KERNELBASE(00000000,00000000,?), ref: 04E37989
                                        • OpenMutexW.KERNEL32(00100000,?,?), ref: 04E379CB
                                        • wsprintfW.USER32 ref: 04E37A35
                                        • CreateFileMappingW.KERNELBASE(000000FF,04EC8968,00000004,00000000,00210CF0,?), ref: 04E37A5B
                                        • MapViewOfFile.KERNELBASE(?,00000006,00000000,00000000,00210CF0,00000000), ref: 04E37AD5
                                        • GetCurrentProcessId.KERNEL32(?,?,00000006,00000000,00000000,00210CF0,00000000), ref: 04E37BC7
                                        • CreateFileMappingW.KERNELBASE(000000FF,04EC8968,00000004,00000000,00100000,?,00000006,00000000,00000000,00210CF0,00000000), ref: 04E37BF5
                                        • OpenFileMappingW.KERNEL32(00000006,00000000,?,00000000), ref: 04E37C10
                                        • MapViewOfFile.KERNELBASE(?,00000006,00000000,00000000,00100000,?,00000000), ref: 04E37C3F
                                        • wsprintfW.USER32 ref: 04E37C96
                                        • OpenFileMappingW.KERNEL32(000F001F,00000000,?,?,?,?,00100000,?,00000000), ref: 04E37CAE
                                        • MapViewOfFile.KERNEL32(?,00000006,00000000,00000000,?,?,?,?,00100000,?,00000000), ref: 04E37CD0
                                        • GetCurrentProcessId.KERNEL32(?,00000006,00000000,00000000,00100000,?,00000000), ref: 04E37CF5
                                          • Part of subcall function 04E93F10: RtlZeroMemory.NTDLL(00000000,00000008), ref: 04E93F1A
                                          • Part of subcall function 04E91930: GetSystemInfo.KERNELBASE(759216C0,759216C0,7591F3C0,7591F550,?,?,?,?,04E9108F,00000000,01000000,00000400,00000000), ref: 04E9195D
                                        • GetModuleHandleW.KERNEL32(bxsdk32.dll,?,00000006,00000000,00000000,00100000,?,00000000), ref: 04E37DE6
                                          • Part of subcall function 04E53930: GetModuleFileNameW.KERNEL32(?,00000000,00000001,00000000,04DC0000,?,00000000), ref: 04E53963
                                          • Part of subcall function 04E53930: GetModuleFileNameW.KERNEL32(?,00000000,-00000100), ref: 04E539B1
                                          • Part of subcall function 04E53B20: lstrlenW.KERNEL32(?,?,?,?,00000000,04E2F728,?,?,?,?), ref: 04E53B2F
                                          • Part of subcall function 04E53B20: lstrcpyW.KERNEL32(00000000,?), ref: 04E53B5A
                                          • Part of subcall function 04E53B20: lstrlenW.KERNEL32(00000000,?,00000000,04E2F728,?,?,?,?), ref: 04E53B61
                                          • Part of subcall function 04DFF070: memcpy.NTDLL(00000000,?,?,00000000,00000000,00000000,00000000,000000AC,00000FA0,?,?,_CLASSES\Wow6432Node\CLSID,\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID,\REGISTRY\MACHINE\Software\Classes\Wow6432Node\AppID,\REGISTRY\MACHINE\Software\Wow6432Node,00000030), ref: 04DFF10C
                                          • Part of subcall function 04DFF070: memcpy.NTDLL(?,?,00000002,00000000,?,?,00000000,00000000,00000000,00000000,000000AC,00000FA0,?,?,_CLASSES\Wow6432Node\CLSID,\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID), ref: 04DFF11A
                                          • Part of subcall function 04E35FC0: GetFileAttributesW.KERNELBASE(?,04E7A507,?), ref: 04E35FC5
                                        • OpenFileMappingW.KERNEL32(00000006,00000000,?,00000000), ref: 04E37A77
                                          • Part of subcall function 04E665A0: NtClose.NTDLL ref: 04E665BF
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: File$Open$CreateCurrentMappingMutexProcesswsprintf$ModuleView$Namelstrlenmemcpy$AttributesCloseHandleInfoMemorySystemThreadZerolstrcpy
                                        • String ID: %s_%.8x$%s_%.8x_%.8x$boxedapp_global_shared_mem$boxedapp_process_list_mutex$boxedapp_process_shared_mem_info$boxedapp_shared_env$boxedapp_shared_env_mutex$boxedapp_shared_mem$bxsdk32.dll$bxsdk64.dll
                                        • API String ID: 1941339701-2879591448
                                        • Opcode ID: 5f583a24e78498094160073a38a072bd554cdf6d864e4476c3a181daab1f4757
                                        • Instruction ID: 8b081e39151fe16ecf5f293fb645bcd82a51c3d476fbd46b43a39131011483dd
                                        • Opcode Fuzzy Hash: 5f583a24e78498094160073a38a072bd554cdf6d864e4476c3a181daab1f4757
                                        • Instruction Fuzzy Hash: 103292B16043019BE725EB64DC85FABB3E9EF84709F044A1DF54697281EB70F905CBA2
                                        APIs
                                        • RtlDosPathNameToNtPathName_U.NTDLL(?,00000000,00000000,00000000), ref: 04DDBA8A
                                          • Part of subcall function 04E50510: GetLocalTime.KERNEL32 ref: 04E50559
                                          • Part of subcall function 04E50510: GetCurrentProcessId.KERNEL32(04EB3000,?,04E9E704,?,04E9DFD8,?,04E9DFD8,75922E80,04EB3000,?,04EB3004,?,04EB3004,75922E80,bx:), ref: 04E50628
                                          • Part of subcall function 04E50510: GetCurrentThreadId.KERNEL32 ref: 04E50644
                                          • Part of subcall function 04E4D390: DbgPrint.NTDLL ref: 04E4D3A9
                                          • Part of subcall function 04E4D390: WriteFile.KERNEL32(00000000,04F51C80,?,?,00000000,?,?,?,?,?,?,?,?,?,04E2C505,?), ref: 04E4D3D6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: CurrentPath$FileLocalNameName_PrintProcessThreadTimeWrite
                                        • String ID: -> $", going to set SetLastError(ERROR_INVALID_NAME) and return INVALID_HANDLE_VALUE$", id=$", which is invalid file name, going to SetLastError(ERROR_INVALID_NAME) and return INVALID_HANDLE_VALUE$(name="$, RtlDosPathNameToNtPathName_U returns FALSE for path: "$, found path component: "$, passed pBehavior doesn't return FILE_ATTRIBUTE_DIRECTORY attribute, but it's requested to create a directory$, passed pBehavior doesn't support IVirtualFile$, passed pBehavior returns FILE_ATTRIBUTE_DIRECTORY attribute, but it's requested to create not a directory$, szPath: "$BoxedApp::FileSystem::CFileSystem::CreateVirtualFile$It's impossible to create sub file of non directory virtual file$It's impossible to create virtual file: passed pBehavior doesn't support Behavior::IVirtualFileStream$core
                                        • API String ID: 2358008889-2641446209
                                        • Opcode ID: 2cd7bec7c089d72419faff95d42305c8a4d38383d121dd502cab914d2830c662
                                        • Instruction ID: 6b8df0cbe2b467f931ffafcc4d4a09aad8614c6923183c18bf03032998c224bb
                                        • Opcode Fuzzy Hash: 2cd7bec7c089d72419faff95d42305c8a4d38383d121dd502cab914d2830c662
                                        • Instruction Fuzzy Hash: F8E228756042419FD724EF68C890DAEB3E9BFC8704F15896DE28A87290DB31FD45CB92

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        APIs
                                        • wsprintfW.USER32 ref: 04E38285
                                        • wsprintfW.USER32 ref: 04E382A5
                                        • CreateFileMappingW.KERNELBASE(000000FF,04EC8968,00000004,00000000,000100FF,?), ref: 04E382C2
                                        • MapViewOfFile.KERNELBASE(?,00000006,00000000,00000000,000100FF), ref: 04E382E3
                                          • Part of subcall function 04E91930: GetSystemInfo.KERNELBASE(759216C0,759216C0,7591F3C0,7591F550,?,?,?,?,04E9108F,00000000,01000000,00000400,00000000), ref: 04E9195D
                                        • GetCurrentProcessId.KERNEL32(?,?,00000006,00000000,00000000,000100FF), ref: 04E383AC
                                        • OpenProcess.KERNEL32(00000048,00000000,?,?,?,00000006,00000000,00000000,000100FF), ref: 04E383BF
                                        • wsprintfW.USER32 ref: 04E383FB
                                        • wsprintfW.USER32 ref: 04E38417
                                        • OpenFileMappingW.KERNEL32(000F001F,00000000,?), ref: 04E3842F
                                        • MapViewOfFile.KERNEL32(00000000,00000006,00000000,00000000,00100000), ref: 04E3844B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Filewsprintf$MappingOpenProcessView$CreateCurrentInfoSystem
                                        • String ID: %s_%.8x$%s_%.8x_%.8x$boxedapp_process_shared_mem_info$boxedapp_shared_mem
                                        • API String ID: 3975798447-3253204589
                                        • Opcode ID: cc7c0a3542aed7e87aa60e371be032f66daea9ca01360d300d3624bb882931ec
                                        • Instruction ID: f3921e9d27ef5f4caca9da170c13c8156073cd784f10e86e863472bc73794856
                                        • Opcode Fuzzy Hash: cc7c0a3542aed7e87aa60e371be032f66daea9ca01360d300d3624bb882931ec
                                        • Instruction Fuzzy Hash: B3E18EB16043019FD714DF29D884B6BB7E5FB88319F049A2DF94997280EB75EC05CBA2

                                        Control-flow Graph

                                        APIs
                                        • wsprintfW.USER32 ref: 04E34978
                                        • CreateFileMappingW.KERNELBASE(000000FF,04EC8968,00000004,00000000,00000004,?), ref: 04E34999
                                        • OpenFileMappingW.KERNEL32(00000006,00000000,?), ref: 04E349AA
                                        • MapViewOfFile.KERNELBASE(?,00000006,00000000,00000000,00000004), ref: 04E349E1
                                        • GetCurrentProcessId.KERNEL32(?), ref: 04E34A02
                                        • CreateFileMappingW.KERNELBASE(000000FF,04EC8968,00000004,00000000,00000018,?), ref: 04E34A2C
                                        • MapViewOfFile.KERNELBASE(?,00000006,00000000,00000000,00000018), ref: 04E34A4E
                                        • GetCurrentProcessId.KERNEL32(?), ref: 04E34A77
                                        • CreateEventW.KERNEL32(00000000,00000000,00000000,?), ref: 04E34A9D
                                        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 04E34AB3
                                        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 04E34AC0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: CreateFile$EventMapping$CurrentProcessView$Openwsprintf
                                        • String ID: %s_%.8x_%.8x$boxedapp_event_newmsg$boxedapp_msg_global$boxedapp_msg_process
                                        • API String ID: 3896030162-1607731783
                                        • Opcode ID: 91831a5e7142b4e1562698e805b5338283a2a86fdacbfed55159c979290be703
                                        • Instruction ID: d58c8ce15d0520513a25ccc5e68f4865a43c7274e8e99f6c1209f931d07b07dc
                                        • Opcode Fuzzy Hash: 91831a5e7142b4e1562698e805b5338283a2a86fdacbfed55159c979290be703
                                        • Instruction Fuzzy Hash: 2751C0B26003046BD360EF29DC45F6BB7ECEB84759F040A2DF185D6281EA71F809CBA5

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        APIs
                                          • Part of subcall function 04E30AB0: GetLastError.KERNEL32(04F51C80,04E66E1D,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AB3
                                        • TlsGetValue.KERNEL32(00000014), ref: 04E81166
                                        • lstrcmpiA.KERNEL32(00000000), ref: 04E81240
                                          • Part of subcall function 04E30AE0: GetLastError.KERNEL32(00000000,04E66E83,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AE3
                                          • Part of subcall function 04E30AE0: SetLastError.KERNEL32(00000000,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AEE
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ErrorLast$Valuelstrcmpi
                                        • String ID: , CreateDisposition: $, DesiredAccess: $, OpenOptions: $, ShareAccess: $, handle: $, status: $8d7c89fa-47cf-4cc6-a8d1-bd687a513c04$CBoxedAppCore::My_NtCreateFile, szPath: $core
                                        • API String ID: 1002481624-2342742713
                                        • Opcode ID: 8bf4c76e6fbc68b58ffed539ce2bf8b09b09802585ee0e212e12e8be2a3e63ee
                                        • Instruction ID: d0fedaa2def2d2b2dddb697e5c5d8b27d5308afed6114ba2cee3c5568368d71a
                                        • Opcode Fuzzy Hash: 8bf4c76e6fbc68b58ffed539ce2bf8b09b09802585ee0e212e12e8be2a3e63ee
                                        • Instruction Fuzzy Hash: F2D110B1A04350AFEA14EF64D840E5FB7E9AFC8B08F005D2DB589D7250EA74FD058B92

                                        APIs
                                        • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,?,00000000), ref: 04E8DF91
                                        • MapViewOfFile.KERNELBASE(00000000,00000002,00000000,00000000,?), ref: 04E8DFAB
                                        • GetModuleHandleW.KERNEL32(ntdll.dll,RtlMoveMemory), ref: 04E8DFC1
                                        • GetProcAddress.KERNEL32(00000000), ref: 04E8DFC8
                                        • UnmapViewOfFile.KERNEL32(00000000), ref: 04E8DFD8
                                        • CloseHandle.KERNEL32(00000000), ref: 04E8DFE3
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: File$HandleView$AddressCloseCreateMappingModuleProcUnmap
                                        • String ID: RtlMoveMemory$ntdll.dll
                                        • API String ID: 3734750734-3196484093
                                        • Opcode ID: fdfe5eb90b3f274b76c223cb53e9128e4878bf6512d7754394feab8a65d32e60
                                        • Instruction ID: 10778638b9ddbf06893b8b9ac48a38b705d37440e7254e255a243edb1ca0ec17
                                        • Opcode Fuzzy Hash: fdfe5eb90b3f274b76c223cb53e9128e4878bf6512d7754394feab8a65d32e60
                                        • Instruction Fuzzy Hash: 2E01D6333806207BE6206A66BC89F6B679DEBD4B77F108117F614D61C0CB69AC018635

                                        APIs
                                          • Part of subcall function 04DC8EF0: InterlockedExchange.KERNEL32(00000008,00000000), ref: 04DC8F38
                                          • Part of subcall function 04DC8EF0: InterlockedDecrement.KERNEL32(0000000C), ref: 04DC8F49
                                          • Part of subcall function 04DC8EF0: ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 04DC8F5B
                                        • GetCurrentProcess.KERNEL32 ref: 04E9849D
                                        • OpenProcessToken.ADVAPI32(00000000), ref: 04E984A4
                                        • GetTokenInformation.KERNELBASE(00000008,00000001(TokenIntegrityLevel),00000000,00000000,?), ref: 04E984D0
                                        • GetTokenInformation.KERNELBASE(00000008,TokenIntegrityLevel,?,?,?,?), ref: 04E984F9
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Token$InformationInterlockedProcess$CurrentDecrementExchangeOpenReleaseSemaphore
                                        • String ID:
                                        • API String ID: 2721379685-0
                                        • Opcode ID: 4db13de48d38b53dbb6242e5e062c297222c27c3e59f6226ae2ca459351b0f10
                                        • Instruction ID: 71f80b03bfa8bdf8d84dc607b36c61b19e3647be2d5836ab5c4eb7c9a55c5d6d
                                        • Opcode Fuzzy Hash: 4db13de48d38b53dbb6242e5e062c297222c27c3e59f6226ae2ca459351b0f10
                                        • Instruction Fuzzy Hash: 2F516FB2604301ABD704EF15DC80EABB3E8FBC9218F04492DF54697280E734ED09CBA2

                                        APIs
                                        • InterlockedCompareExchange.KERNEL32(04EC8904,00000001,00000000), ref: 04E51449
                                        • HeapCreate.KERNELBASE(00000000,00000000,00000000,?,?,00000000,?), ref: 04E51457
                                        • LoadLibraryW.KERNEL32(ntdll.dll,?,?,00000000,?), ref: 04E51467
                                        • GetProcAddress.KERNEL32(00000000,RtlUpcaseUnicodeChar), ref: 04E51473
                                        • RtlUpcaseUnicodeChar.NTDLL(00000000), ref: 04E51493
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: AddressCharCompareCreateExchangeHeapInterlockedLibraryLoadProcUnicodeUpcase
                                        • String ID: RtlUpcaseUnicodeChar$ntdll.dll
                                        • API String ID: 455295019-4040803293
                                        • Opcode ID: 36535c4ba5220db3439030d49bd97cf65d9569bf3ce3623f5cdcd9bb141e6c70
                                        • Instruction ID: 3166f47c6930f205cc29c4e247f009fb9d73712d269c7edf28c1361545f1e246
                                        • Opcode Fuzzy Hash: 36535c4ba5220db3439030d49bd97cf65d9569bf3ce3623f5cdcd9bb141e6c70
                                        • Instruction Fuzzy Hash: 63F090729403307BDB106F72FD0DF9A3A56FB04747F815026F915D6188DA7D6C428B91

                                        APIs
                                          • Part of subcall function 04E30AB0: GetLastError.KERNEL32(04F51C80,04E66E1D,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AB3
                                        • LdrLoadDll.NTDLL ref: 04E7DBE2
                                        • DeactivateActCtx.KERNEL32(00000000,?), ref: 04E7DC3C
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: DeactivateErrorLastLoad
                                        • String ID: ", status = $, base = $LdrLoadDll: "$core
                                        • API String ID: 451580975-1347681879
                                        • Opcode ID: 3da91a07fc79a5ff16fc166b4f02398008d2d5e4bdb5260f293821cec864c593
                                        • Instruction ID: 998ac2c4f4f37f90e1d547dd3308961517a67b6ee02ae518f67387058cd5c79d
                                        • Opcode Fuzzy Hash: 3da91a07fc79a5ff16fc166b4f02398008d2d5e4bdb5260f293821cec864c593
                                        • Instruction Fuzzy Hash: 00517C71604300ABDB04EF65DC90D6BB7E9EFC5219F04293CF58697291EA74FD05CAA2
                                        APIs
                                        • GetCurrentThreadId.KERNEL32 ref: 04E50EFF
                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 04E50F5A
                                        • CreateMutexW.KERNELBASE(00000000,00000001,00000000), ref: 04E50FCC
                                        • CloseHandle.KERNEL32(?), ref: 04E50FE7
                                        • GetCurrentThreadId.KERNEL32 ref: 04E51001
                                        • OpenThread.KERNEL32(00100000,00000000,00000000), ref: 04E5100E
                                        • CloseHandle.KERNEL32(?), ref: 04E51023
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Thread$CloseCurrentHandle$AllocCreateMutexOpenVirtual
                                        • String ID:
                                        • API String ID: 3714206927-0
                                        • Opcode ID: cb6ae7e0151b10b0e2fda2aefe59d44e3876db34515388f5188356c99289fd23
                                        • Instruction ID: 7133b9617a03be83f3717816fc5d45886c02af35f05ddbf305c8f50b3517499f
                                        • Opcode Fuzzy Hash: cb6ae7e0151b10b0e2fda2aefe59d44e3876db34515388f5188356c99289fd23
                                        • Instruction Fuzzy Hash: C24128B19007019FC360DF2AD880916FBF5FF98365B548A2EF99AC37A1D770E9058B51
                                        APIs
                                          • Part of subcall function 0043F83D: TlsGetValue.KERNEL32(?,0043AE22), ref: 0043F844
                                          • Part of subcall function 0043F83D: TlsSetValue.KERNEL32(00000000,0043AE22), ref: 0043F865
                                          • Part of subcall function 0043F822: TlsGetValue.KERNEL32(?,0043AE2D,00000000), ref: 0043F82C
                                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 0043AE44
                                        • ExitThread.KERNEL32 ref: 0043AE4B
                                        • CreateThread.KERNELBASE(00000000,?,0043AE1D,00000000,00000004,00000000), ref: 0043AF03
                                        • ResumeThread.KERNELBASE(00000000,?,?,?,?,?,?,00000000), ref: 0043AF13
                                        • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 0043AF1E
                                        • __dosmaperr.LIBCMT ref: 0043AF36
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2755614298.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000009.00000002.2755550332.0000000000400000.00000002.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755670835.0000000000452000.00000002.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755732116.000000000046B000.00000004.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755789074.000000000046D000.00000008.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755789074.0000000000570000.00000008.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755789074.0000000000576000.00000008.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755789074.0000000000583000.00000008.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2756191692.000000000059F000.00000004.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2756263555.00000000005A3000.00000020.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2756443791.0000000000762000.00000002.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2756443791.0000000000907000.00000002.00000001.01000000.00000011.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_400000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ThreadValue$ErrorLast$CreateExitResume__dosmaperr
                                        • String ID:
                                        • API String ID: 1421997792-0
                                        • Opcode ID: e5201e6d34afa2921fc95f946d628e313e99d21ffcb5b2ebc4f54ad5e8e98abb
                                        • Instruction ID: 8f8596a89a85ecec8b4a3dc895ae1eaea928c96a511ba3fcb1bd314a5cbd4c28
                                        • Opcode Fuzzy Hash: e5201e6d34afa2921fc95f946d628e313e99d21ffcb5b2ebc4f54ad5e8e98abb
                                        • Instruction Fuzzy Hash: 173122B1841300AFD718BF729D4A95F7BA4EF4C329F20563FF554922A2DB78C8058A5E
                                        APIs
                                          • Part of subcall function 04E93F30: RtlMoveMemory.NTDLL(?,?,00000000), ref: 04E93F3F
                                        • GetSystemInfo.KERNELBASE(?,?,?,00000000), ref: 04E658A1
                                          • Part of subcall function 04E93F10: RtlZeroMemory.NTDLL(00000000,00000008), ref: 04E93F1A
                                        • VirtualQuery.KERNEL32(?,?,0000001C,?,?,?,?,00000000), ref: 04E658C1
                                          • Part of subcall function 04E97E30: VirtualAlloc.KERNELBASE(00000000,00000005,00001000,?,04E65A9B,?,00000005,00000040,?,?,?,?,00000000), ref: 04E97E41
                                        • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 04E659F0
                                        • FlushInstructionCache.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 04E659F7
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: MemoryVirtual$AllocCacheCurrentFlushInfoInstructionMoveProcessQuerySystemZero
                                        • String ID:
                                        • API String ID: 3732356899-0
                                        • Opcode ID: 3e20df5fcc24e237b7c0df0e677b93dc5fcbc5e4d8bdd07d7db30eb67866c228
                                        • Instruction ID: 0818e25e68c772ab2f7c28be92448dd9eba4967d52e8af396e68ea1971394e9b
                                        • Opcode Fuzzy Hash: 3e20df5fcc24e237b7c0df0e677b93dc5fcbc5e4d8bdd07d7db30eb67866c228
                                        • Instruction Fuzzy Hash: EC4164B2554741AFD320DF79DC44E5BB7E9EB88214F004A1DF99A83285EB74E9088BA1
                                        APIs
                                        • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 04DDD888
                                        • GetCurrentProcess.KERNEL32(?,00000000), ref: 04DDD890
                                        • DuplicateHandle.KERNEL32(00000000), ref: 04DDD893
                                        • CloseHandle.KERNEL32(?), ref: 04DDD8DB
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: CurrentHandleProcess$CloseDuplicate
                                        • String ID:
                                        • API String ID: 1410216518-0
                                        • Opcode ID: d848ba057bb9000c92f9608641793875cd2c97602752065d85a12bfde942a4d5
                                        • Instruction ID: 117d451bede257d958290ca795583eba72b092ceef6b77a0a126d71cdf299387
                                        • Opcode Fuzzy Hash: d848ba057bb9000c92f9608641793875cd2c97602752065d85a12bfde942a4d5
                                        • Instruction Fuzzy Hash: D341E676208344AFD755DFA9C8C0D6BB3EAFB88314F144A2DF65A83251DB31E905CB62
                                        APIs
                                        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,04EC8954,7591F550,7508EB20,7508ED30,?,?,?,?,04E05FBF), ref: 04E05F19
                                        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,04E05FBF,?,?,?,7591F550,04E918F5), ref: 04E05F43
                                        • InterlockedIncrement.KERNEL32(00000004), ref: 04E05F64
                                        • CreateThread.KERNELBASE(00000000,00000000,04E05E60,00000000,00000000,0000000C), ref: 04E05F77
                                          • Part of subcall function 04E665A0: NtClose.NTDLL ref: 04E665BF
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Create$Event$CloseIncrementInterlockedThread
                                        • String ID:
                                        • API String ID: 4199909435-0
                                        • Opcode ID: f1c458a6af2640e7cd5849367a933f0a52475d08ec6d7d9ae54d96a25d29d8f6
                                        • Instruction ID: c80295e07d3f45bd0b5916e9c679fb8dba1b4266f406b7a8f2c15287387adc2e
                                        • Opcode Fuzzy Hash: f1c458a6af2640e7cd5849367a933f0a52475d08ec6d7d9ae54d96a25d29d8f6
                                        • Instruction Fuzzy Hash: 9C41C3B0904B019F8320CF2A9984817FBF9FFD9754B504A1FE4AAC3AA0D774E5458BA5
                                        APIs
                                          • Part of subcall function 04DC8EF0: InterlockedExchange.KERNEL32(00000008,00000000), ref: 04DC8F38
                                          • Part of subcall function 04DC8EF0: InterlockedDecrement.KERNEL32(0000000C), ref: 04DC8F49
                                          • Part of subcall function 04DC8EF0: ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 04DC8F5B
                                        • GetCurrentProcess.KERNEL32 ref: 04E9849D
                                        • OpenProcessToken.ADVAPI32(00000000), ref: 04E984A4
                                        • GetTokenInformation.KERNELBASE(00000008,00000001(TokenIntegrityLevel),00000000,00000000,?), ref: 04E984D0
                                        • GetTokenInformation.KERNELBASE(00000008,TokenIntegrityLevel,?,?,?,?), ref: 04E984F9
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Token$InformationInterlockedProcess$CurrentDecrementExchangeOpenReleaseSemaphore
                                        • String ID:
                                        • API String ID: 2721379685-0
                                        • Opcode ID: 4d28243348eabe2ae5c2a6f93e261b13ec004f56f2cc1d4bdc24832683cf8c46
                                        • Instruction ID: 2492f1ba6a4454f0b16cf6991fd04d1087409b4a1f8758fd044695fe559f7817
                                        • Opcode Fuzzy Hash: 4d28243348eabe2ae5c2a6f93e261b13ec004f56f2cc1d4bdc24832683cf8c46
                                        • Instruction Fuzzy Hash: 93216FB6604201AFD704DA15DC84F6BB7E9FBC9718F04851DF54987290EB35ED098BA2
                                        APIs
                                        • VirtualProtect.KERNELBASE(04E34CB9,?,00000040,?,?,?,?,?,04E35DC2,?,?,?,?,00000000,?,04E34CB9), ref: 04E977CB
                                          • Part of subcall function 04E93F30: RtlMoveMemory.NTDLL(?,?,00000000), ref: 04E93F3F
                                        • VirtualProtect.KERNELBASE(04E34CB9,?,?,?,?,00000000,?,?,?,?,04E8FA2D), ref: 04E977E8
                                        • GetCurrentProcess.KERNEL32(04E34CB9,?,?,00000000,?,?,?,?,04E8FA2D), ref: 04E977EC
                                        • FlushInstructionCache.KERNEL32(00000000,?,00000000,?,?,?,?,04E8FA2D), ref: 04E977F3
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ProtectVirtual$CacheCurrentFlushInstructionMemoryMoveProcess
                                        • String ID:
                                        • API String ID: 596428666-0
                                        • Opcode ID: 4001557c6b5b3639e06e03b17272d4b65ca4ebca80ec27abe9565f20f36aba8f
                                        • Instruction ID: d42c2c22ba01cd6702d84f952c8d7feb4cec86979fcc0ee8fa5ead95340deb5e
                                        • Opcode Fuzzy Hash: 4001557c6b5b3639e06e03b17272d4b65ca4ebca80ec27abe9565f20f36aba8f
                                        • Instruction Fuzzy Hash: D4F0FE721051117F9600DB56EC88DBFBBADEFCA665F00440EF64993141D674AC0687B6
                                        APIs
                                          • Part of subcall function 0043F9FB: __amsg_exit.LIBCMT ref: 0043FA09
                                        • CloseHandle.KERNEL32(?), ref: 0043ADC6
                                        • __freeptd.LIBCMT ref: 0043ADCD
                                        • ExitThread.KERNEL32 ref: 0043ADD5
                                          • Part of subcall function 0043FDB0: __FindPESection.LIBCMT ref: 0043FE09
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2755614298.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000009.00000002.2755550332.0000000000400000.00000002.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755670835.0000000000452000.00000002.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755732116.000000000046B000.00000004.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755789074.000000000046D000.00000008.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755789074.0000000000570000.00000008.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755789074.0000000000576000.00000008.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755789074.0000000000583000.00000008.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2756191692.000000000059F000.00000004.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2756263555.00000000005A3000.00000020.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2756443791.0000000000762000.00000002.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2756443791.0000000000907000.00000002.00000001.01000000.00000011.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_400000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: CloseExitFindHandleSectionThread__amsg_exit__freeptd
                                        • String ID:
                                        • API String ID: 1262231458-0
                                        • Opcode ID: b23d0af45d41ee54e17b61858cfc5b22db630a960199009171090f466a26fffd
                                        • Instruction ID: 86bd6b700fd1742491bf267ee1f7a06fa6d34f24a60a48abfe277de77b901c7b
                                        • Opcode Fuzzy Hash: b23d0af45d41ee54e17b61858cfc5b22db630a960199009171090f466a26fffd
                                        • Instruction Fuzzy Hash: 8DF0BE31941601EBD7146BA49A0DB6E3722AF0D717F64212BF242855E2CBACC809865E
                                        APIs
                                        • VirtualProtect.KERNELBASE(?,?,00000001,?), ref: 04DC4A6B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ProtectVirtual
                                        • String ID:
                                        • API String ID: 544645111-3916222277
                                        • Opcode ID: 0613eba591deff784bc3b1f8d58ddb3a578b105d1938874b57411f7a73fe9fc9
                                        • Instruction ID: 12b43e6b8d6dda6391fd73ac363ad557de21b2e3fc08861b867c8d1b5b0b8d43
                                        • Opcode Fuzzy Hash: 0613eba591deff784bc3b1f8d58ddb3a578b105d1938874b57411f7a73fe9fc9
                                        • Instruction Fuzzy Hash: 174103726043228FE314CF09C850B6AB3E5FF85308F04862DEA859B391EB76F915CB91
                                        APIs
                                        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 04E509CD
                                        • CreateThread.KERNELBASE(00000000,00000000,Function_000908D0,?,00000000,?), ref: 04E50A06
                                          • Part of subcall function 04E665A0: NtClose.NTDLL ref: 04E665BF
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Create$CloseEventThread
                                        • String ID:
                                        • API String ID: 3538138673-0
                                        • Opcode ID: 0bb6f35463eb2abc36169b55e201363a2de923de8c8ec9f44acca5dd2f0a1037
                                        • Instruction ID: 2e28a90336d237b47b1f4289d993caefae3a8067442f7ce674a77c77c02961a7
                                        • Opcode Fuzzy Hash: 0bb6f35463eb2abc36169b55e201363a2de923de8c8ec9f44acca5dd2f0a1037
                                        • Instruction Fuzzy Hash: B001D13035070066F6309F369C49F1376E8DB80B68F241B2AFE41D61E0EA70F40986A0
                                        APIs
                                        • RegCloseKey.ADVAPI32(?,?,?,04E86596,80000000,?,00000001,AppId\,00000000,00000000,?,?), ref: 04E65CAB
                                        • RegOpenKeyExW.KERNELBASE(04E86596,04E86596,00000000,?,00000001,?,?,04E86596,80000000,?,00000001,AppId\,00000000,00000000,?,?), ref: 04E65CCD
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: CloseOpen
                                        • String ID:
                                        • API String ID: 47109696-0
                                        • Opcode ID: 33e00293bc940a49b2f9a7290206062aa1fd104cade7db0245210622742b37d9
                                        • Instruction ID: dfaf0502dace5d0c3f8d5a3889aad6e6a01b8deb515ce0095404949a09a7d31a
                                        • Opcode Fuzzy Hash: 33e00293bc940a49b2f9a7290206062aa1fd104cade7db0245210622742b37d9
                                        • Instruction Fuzzy Hash: 8EF0C9B1658312AFD724CF64E849E27B3EDEB98741F20491EB496D3280DB74EC05DBA1
                                        APIs
                                        • GetCurrentThreadId.KERNEL32 ref: 04E93FBF
                                        • RtlAllocateHeap.NTDLL(02D20000,00000001,?,0000000C,04EC8948,04EC8944,?,00000000,0000000C,04E3062D,?,00000000,04DC272E,?,00000000), ref: 04E93FEA
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: AllocateCurrentHeapThread
                                        • String ID:
                                        • API String ID: 3014162906-0
                                        • Opcode ID: 983e3e93613db5ee104c9b9154217b799d5d6a6af806c9814335142b90b05ac7
                                        • Instruction ID: 650c04384f2e43d2916ab4682f84e43c9587c8c38c995d63808eb0d933afa03a
                                        • Opcode Fuzzy Hash: 983e3e93613db5ee104c9b9154217b799d5d6a6af806c9814335142b90b05ac7
                                        • Instruction Fuzzy Hash: 7EF0B4306042109BD714FF16D988BAA37E1FB4431BF40111CF448561C4CB79AD46CF92
                                        APIs
                                        • GetCurrentThreadId.KERNEL32 ref: 04E50E24
                                        • RtlQueueApcWow64Thread.NTDLL(?,Function_00090CF0,00000000,00000000,00000000), ref: 04E50E48
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Thread$CurrentQueueWow64
                                        • String ID:
                                        • API String ID: 829397326-0
                                        • Opcode ID: 96c80e8849d7db1c866ae1a7ad4f03a034613f272f49a1b99101253847a184a8
                                        • Instruction ID: 5c763d3c8571482fcc29aa73f435104f7bfd7fe1549ad6d139bd1983c5d97566
                                        • Opcode Fuzzy Hash: 96c80e8849d7db1c866ae1a7ad4f03a034613f272f49a1b99101253847a184a8
                                        • Instruction Fuzzy Hash: D4E09272641321AFD2305B26ED05F87FBE4EB84B11F11892AFD4597290CA74B841C7A5
                                        APIs
                                        • GetCurrentThreadId.KERNEL32 ref: 04E50CC4
                                        • RtlQueueApcWow64Thread.NTDLL(?,Function_00090950,00000000,00000000,00000000), ref: 04E50CE1
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Thread$CurrentQueueWow64
                                        • String ID:
                                        • API String ID: 829397326-0
                                        • Opcode ID: 6da106973009a0fed2bdc7d37796c16f7d01eb9bb44ded0ef8dd393ab7a09a8f
                                        • Instruction ID: bba50fdc7b7412e848ad99bc3f43592850a1b808772e2a92ce578392df7f3731
                                        • Opcode Fuzzy Hash: 6da106973009a0fed2bdc7d37796c16f7d01eb9bb44ded0ef8dd393ab7a09a8f
                                        • Instruction Fuzzy Hash: 28E02632642221B7D2301B62BC08F87BAA4EF85B12F010426FD01B7280CAB4BC01C7E1
                                        APIs
                                        • GetSystemInfo.KERNELBASE(759216C0,759216C0,7591F3C0,7591F550,?,?,?,?,04E9108F,00000000,01000000,00000400,00000000), ref: 04E9195D
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: InfoSystem
                                        • String ID:
                                        • API String ID: 31276548-0
                                        • Opcode ID: c7c487f99afaa5878a9ccf038ff6593d7e4e36aaf8df246f2d9d7fc6ebdf8f85
                                        • Instruction ID: b8e9dcf846666cff8bbe777920adfd6f93a5a72bce00d0d04554d1d8e4eefc92
                                        • Opcode Fuzzy Hash: c7c487f99afaa5878a9ccf038ff6593d7e4e36aaf8df246f2d9d7fc6ebdf8f85
                                        • Instruction Fuzzy Hash: 47218071B047114FEB18CE2EC89025AF7E6BFC9218F44963EE486C7798E635ED858640
                                        APIs
                                        • CreateThread.KERNELBASE(00000000,00000000,Function_000741D0,?,00000000,?), ref: 04E341F7
                                          • Part of subcall function 04E33970: InterlockedExchange.KERNEL32(?,00000000), ref: 04E33B03
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: CreateExchangeInterlockedThread
                                        • String ID:
                                        • API String ID: 250680929-0
                                        • Opcode ID: 17d8b843be1d0b3633a3705b4b99e003a65cbce3d5d27cc896bd7906b9c22ff5
                                        • Instruction ID: d7a25bf90050b49ba98a2631a1ed91ab28a9a207d64f2fb76d908971fa696d09
                                        • Opcode Fuzzy Hash: 17d8b843be1d0b3633a3705b4b99e003a65cbce3d5d27cc896bd7906b9c22ff5
                                        • Instruction Fuzzy Hash: A8F06936200210AFC224DF59DC48F97B7F8EF89711F00881DF68997290DA74B809CBA1
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Free
                                        • String ID:
                                        • API String ID: 3978063606-0
                                        • Opcode ID: 3aba30ef155284d3e9bf1d73e783b56114aa95cc551db6d9b5883235f2acc0fa
                                        • Instruction ID: 98833d13b2d3bff60d259ffc727b174de8638113494b50acc513fb5a3dd020e1
                                        • Opcode Fuzzy Hash: 3aba30ef155284d3e9bf1d73e783b56114aa95cc551db6d9b5883235f2acc0fa
                                        • Instruction Fuzzy Hash: DAE0DFB050531053E221DF28A808657BBD4AB4171CB29AE1DF0EB972C5C330F800C382
                                        APIs
                                        • VirtualProtect.KERNELBASE(?,?,?,?,?,04DC49A6,?,?,00000004), ref: 04E6582C
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ProtectVirtual
                                        • String ID:
                                        • API String ID: 544645111-0
                                        • Opcode ID: 751f615d4ac3fe7590913f298f543741074421c4f534851ee78fb5a2a067c5ef
                                        • Instruction ID: 159c6b06458c7571245d36f19c7452a52bcc08ad23318abf5260babdef61a1f9
                                        • Opcode Fuzzy Hash: 751f615d4ac3fe7590913f298f543741074421c4f534851ee78fb5a2a067c5ef
                                        • Instruction Fuzzy Hash: E8E0E2B2204711AF8364CF58E840D57B7F9EB88B10B00C91EB19DC3204D670EC458BA1
                                        APIs
                                        • VirtualProtect.KERNELBASE(?,?,?,00000000,?,04DC49B9), ref: 04E65856
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ProtectVirtual
                                        • String ID:
                                        • API String ID: 544645111-0
                                        • Opcode ID: 5d28887f326e2e77d1b00058349b0db1823ae0c85fced79f58593720f98d7893
                                        • Instruction ID: a9cd7417bc77f849e36d67f3c2a9c28c573d0833ac668086bb24077296006c61
                                        • Opcode Fuzzy Hash: 5d28887f326e2e77d1b00058349b0db1823ae0c85fced79f58593720f98d7893
                                        • Instruction Fuzzy Hash: 47D0C9B0110104EFD358CB24DC44E6673ADEB8831AF24859DE04E8B282C737EC47CB60
                                        APIs
                                        • SetErrorMode.KERNELBASE(00000000,?,04DFB244,00000001), ref: 04E30B08
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ErrorMode
                                        • String ID:
                                        • API String ID: 2340568224-0
                                        • Opcode ID: 98bb6cb0cbe1e50a63c7051ff444c2283971982efbbe92b78551df288405e0ac
                                        • Instruction ID: 073953566026487f6675ae1e65d00f1800bdd8e28732a1862a1c8b7f3d39c1be
                                        • Opcode Fuzzy Hash: 98bb6cb0cbe1e50a63c7051ff444c2283971982efbbe92b78551df288405e0ac
                                        • Instruction Fuzzy Hash: 26C09B772052305FC360DF5D9804D47FBD4DB58661701492BB588C3204C534CC40C790
                                        APIs
                                        • GetFileAttributesW.KERNELBASE(?,04E7A507,?), ref: 04E35FC5
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: AttributesFile
                                        • String ID:
                                        • API String ID: 3188754299-0
                                        • Opcode ID: 2e51080f525d7d355334f5ab9a89eacfd2090ee0f45772329ee864bdd8d32cfc
                                        • Instruction ID: bacf291d5b71498e2d0fde7e734f4c297745c6306517dea2d7f57a483b51de33
                                        • Opcode Fuzzy Hash: 2e51080f525d7d355334f5ab9a89eacfd2090ee0f45772329ee864bdd8d32cfc
                                        • Instruction Fuzzy Hash: EEB012BB3101105BCB0847799D8994E32949F49A327200B1DB033C30C0DB34CC50AB11
                                        APIs
                                        • SetErrorMode.KERNELBASE(00000000,04DFC255,?), ref: 04E30B23
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ErrorMode
                                        • String ID:
                                        • API String ID: 2340568224-0
                                        • Opcode ID: f7257389726af57d77bb0da44f7f19e24067499b56eb46c61e3aff6854f27821
                                        • Instruction ID: aa4a2e53d1a666e53cfb845465cc12910e11728b89828a950d071c2c3c151544
                                        • Opcode Fuzzy Hash: f7257389726af57d77bb0da44f7f19e24067499b56eb46c61e3aff6854f27821
                                        • Instruction Fuzzy Hash: 9EA002719002109BCE00DBB6D94CD057768EB453067100596B411C6054CA399C40CA10
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2759653882.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_2650000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: ,gq
                                        • API String ID: 0-3993090981
                                        • Opcode ID: 1c97e9e7fbd4dfc11f658b8a76533e0bbe970a11712466081822b0a5a7cfd1a7
                                        • Instruction ID: 3b78f48467197e97152789d291331c4a2b74e208d3132c7e018f6c3f09689020
                                        • Opcode Fuzzy Hash: 1c97e9e7fbd4dfc11f658b8a76533e0bbe970a11712466081822b0a5a7cfd1a7
                                        • Instruction Fuzzy Hash: FD818F717152658FCB199B78845C67A77E2AF85215FE540AACC07CB3A1EF30C842CB96
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2778595133.00000000099E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099C0000, based on PE: true
                                        • Associated: 00000009.00000002.2778525625.00000000099C0000.00000004.10000000.00040000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_99c0000_LisectAVT_2403002B_286_Update.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: c
                                        • API String ID: 0-112844655
                                        • Opcode ID: 46cf3e101da8102c6bf88aa8e6e2faeb891e765461b09d99b27b68e28d34f7f0
                                        • Instruction ID: 066d86f41ba3a7040c274cc95a023afc8de2a262b88671e21eab7ff5e8370d02
                                        • Opcode Fuzzy Hash: 46cf3e101da8102c6bf88aa8e6e2faeb891e765461b09d99b27b68e28d34f7f0
                                        • Instruction Fuzzy Hash: BE51F676F042298FCB15EB68D8400AEFBA3FFC5360725856AC859AB341DB309D06CBD1
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2759653882.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_2650000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Tcdq
                                        • API String ID: 0-153738649
                                        • Opcode ID: c5fa3a5985d4619f93f65a64f0a7a6178e39ec69dc7df118573ff7176251335b
                                        • Instruction ID: 4da6ef5286daf52761791c0d3c29f17a69af158f2443dc91af31ba14d29d1972
                                        • Opcode Fuzzy Hash: c5fa3a5985d4619f93f65a64f0a7a6178e39ec69dc7df118573ff7176251335b
                                        • Instruction Fuzzy Hash: 5521FEB1C01258AEDB20CF99C594BDEBFB5AF48314F24806AE819AB240C3751885CF91
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2759653882.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_2650000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: ,B2
                                        • API String ID: 0-739408609
                                        • Opcode ID: 4c22a9082e6ae1b2a831644ed31d1247b3d080f8da24e8222f725a39f0787d31
                                        • Instruction ID: 22f91de3d62e7a1c6ad015d0b2e08b21c73a899434aae35ac4f7541d66816258
                                        • Opcode Fuzzy Hash: 4c22a9082e6ae1b2a831644ed31d1247b3d080f8da24e8222f725a39f0787d31
                                        • Instruction Fuzzy Hash: A0113831E05284AFCB059FB8C8196ADBF72EF82340F2080EAD509E7191DE349A05DB91
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2759653882.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_2650000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Tcdq
                                        • API String ID: 0-153738649
                                        • Opcode ID: 12da6e6f809c47778fba5bccd3c9eb120159eebc41395396720cef22150a1e7b
                                        • Instruction ID: be55cb4fdc5995885bf4bcaad64b563e172b2a7e79fa6448c81b57b6caa01b5a
                                        • Opcode Fuzzy Hash: 12da6e6f809c47778fba5bccd3c9eb120159eebc41395396720cef22150a1e7b
                                        • Instruction Fuzzy Hash: 1621BEB1D012589FDB20DF9AC994BDEBFF5AF48314F248029E819BB280C7755885CFA5
                                        APIs
                                          • Part of subcall function 04E30AB0: GetLastError.KERNEL32(04F51C80,04E66E1D,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AB3
                                          • Part of subcall function 04E30AC0: GetLastError.KERNEL32(00000000,04E66E59,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AC3
                                        • CloseHandle.KERNEL32(00000000,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E66E71
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ErrorLast$CloseHandle
                                        • String ID:
                                        • API String ID: 3463825546-0
                                        • Opcode ID: c911036e626ad661a172e240fe455293b5667eb1d17deabee7c05a3bccd016d3
                                        • Instruction ID: 0fe1d14a10c55c3eb769fd177f103417522ed66919137b5930fc104f849b6e6d
                                        • Opcode Fuzzy Hash: c911036e626ad661a172e240fe455293b5667eb1d17deabee7c05a3bccd016d3
                                        • Instruction Fuzzy Hash: 020140722446105BC214DA78C880E5BB3E5AFC8A68F20CB1DF5AA972E4D730EE02C791
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2759653882.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_2650000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: ,B2
                                        • API String ID: 0-739408609
                                        • Opcode ID: 9834a68f90c0c8d17e254b35ecbfbefeeab464674771e990d73782b282dc3f67
                                        • Instruction ID: 97a838af378bff43d623ed1b1f63143d086b338b506b81bc2b319886cbd3a404
                                        • Opcode Fuzzy Hash: 9834a68f90c0c8d17e254b35ecbfbefeeab464674771e990d73782b282dc3f67
                                        • Instruction Fuzzy Hash: FDF0F635F00218ABDB08ABF99C09B9EB772EF82340F508075EA0DE3284EE3095008F95
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: CloseHandle
                                        • String ID:
                                        • API String ID: 2962429428-0
                                        • Opcode ID: c354873c5727ccc2b8ef44bb2caa2bef5b4b8bc9104eb43f1cc48c9e35521a75
                                        • Instruction ID: 5b4f5bab8e1e6683c34e040027efc18847eaec94093363d8df2247795ea74cf2
                                        • Opcode Fuzzy Hash: c354873c5727ccc2b8ef44bb2caa2bef5b4b8bc9104eb43f1cc48c9e35521a75
                                        • Instruction Fuzzy Hash: 1AE048705042525AFF218F299815F57B7D46F01368F14892DE4B8C31D1D774F845C752
                                        APIs
                                        • VirtualAlloc.KERNELBASE(00000000,00000005,00001000,?,04E65A9B,?,00000005,00000040,?,?,?,?,00000000), ref: 04E97E41
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        • Opcode ID: b2ee6b103903e08cafdbc525fb68ad67ee7df34c17d1a3f55d5b3bc1dee7585f
                                        • Instruction ID: ec59a5197df960fb9a1f02638f8f0801fe725c4364b1f34eefda5c77366c6efe
                                        • Opcode Fuzzy Hash: b2ee6b103903e08cafdbc525fb68ad67ee7df34c17d1a3f55d5b3bc1dee7585f
                                        • Instruction Fuzzy Hash: E1C09B752443007FED04C751CD45F667774E784752F104509B545461D4C5B06C40C611
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2759653882.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_2650000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e354a0cc7a855a76e2ddb0ace29f9c2fc76e8c953a41e9be9b6c87b9634feefd
                                        • Instruction ID: 822de2418c92f7e5c7fc7f3d51cf3f4611725fe6c63650fdf1fb986df203e55b
                                        • Opcode Fuzzy Hash: e354a0cc7a855a76e2ddb0ace29f9c2fc76e8c953a41e9be9b6c87b9634feefd
                                        • Instruction Fuzzy Hash: EB1155B58002598FDB10CF9AC944BDEBBF8EF48320F14855AD468A3290C778A544CFA0
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2759653882.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_2650000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cf86606adcb8d8f7e6a2fd656a37fcbc4579cc12e6942f188f67dcdcf74a012a
                                        • Instruction ID: f73c03a3ae054d97df56599eeb76c0c634250c6841a168ab5c337ec8ba68a2a4
                                        • Opcode Fuzzy Hash: cf86606adcb8d8f7e6a2fd656a37fcbc4579cc12e6942f188f67dcdcf74a012a
                                        • Instruction Fuzzy Hash: CD1136B1800259CFDB10CF9AC944BDEFBF8EF48320F14845AD518A3240D778A944CFA5
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2758512570.000000000257D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0257D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_257d000_LisectAVT_2403002B_286_Update.jbxd
                                        APIs
                                        • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,00000000,00000000,?), ref: 04E764F1
                                        • ReadFile.KERNEL32(00000000,?,00000040,?,00000000), ref: 04E76514
                                        • SetFilePointer.KERNEL32(00000000,?,00000000,00000000), ref: 04E76523
                                        • ReadFile.KERNEL32(00000000,?,000000F8,?,00000000), ref: 04E76541
                                        • CloseHandle.KERNEL32(00000000), ref: 04E76544
                                        • NtQueryInformationProcess.NTDLL(?,00000000,?,00000018,?), ref: 04E76592
                                        • ReadProcessMemory.KERNEL32(?,?,?,000001D8,?), ref: 04E765B3
                                        • ReadProcessMemory.KERNEL32(?,?,?,00000040,?), ref: 04E765CD
                                        • ReadProcessMemory.KERNEL32(?,?,?,000000F8,?), ref: 04E765F3
                                          • Part of subcall function 04E6D7B0: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,75934470), ref: 04E6D820
                                          • Part of subcall function 04E6D7B0: GetLastError.KERNEL32 ref: 04E6D839
                                          • Part of subcall function 04E6D7B0: CloseHandle.KERNEL32(00000000), ref: 04E6D8C4
                                        • VirtualProtectEx.KERNEL32(?,?,000000F8,00000004,?,?,?,?,?), ref: 04E7667E
                                        • WriteProcessMemory.KERNEL32(?,?,?,000000F8,?), ref: 04E766A7
                                        • VirtualProtectEx.KERNEL32(?,?,000000F8,?,?), ref: 04E766CE
                                        • VirtualAllocEx.KERNEL32(?,?,?,00002000,00000001), ref: 04E767B2
                                        • VirtualAllocEx.KERNEL32(?,?,?,00001000,00000040), ref: 04E767C6
                                        • MapViewOfFile.KERNEL32(000002D4,00000004,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 04E7681A
                                        • UnmapViewOfFile.KERNEL32(00000000), ref: 04E76839
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: File$ProcessRead$MemoryVirtual$AllocCloseCreateHandleProtectView$ErrorInformationLastPointerQueryUnmapWrite
                                        • String ID: , DuplicateHandle(GetCurrentProcess()) failed, GetLastError() = $, DuplicateHandle(pCreateProcessAdditionalInfo->m_hProcessToWait) failed, GetLastError() = $, VirtualAllocEx() for info.m_SplashScreenData.m_pImageData failed, GetLastError() = $, VirtualAllocEx() for info.m_szFileToDeleteAfterProcessExit failed, GetLastError() = $, WriteProcessMemory() for info.m_SplashScreenData.m_pImageData failed, GetLastError() = $, WriteProcessMemory() for info.m_szFileToDeleteAfterProcessExit failed, GetLastError() = $BoxedApp::CBoxedAppCore::AttachToProcess_Native$BoxedAppSDK_RemoteAgent_ThreadProc$core
                                        APIs
                                          • Part of subcall function 04E30220: CoInitialize.OLE32(00000000), ref: 04E30225
                                          • Part of subcall function 04E98F90: GetFullPathNameW.KERNEL32 ref: 04E98FD6
                                        • CoCreateInstance.OLE32(04EA867C,00000000,00000017,04EA868C,?,?,00000000), ref: 04E2E7C0
                                        • VariantClear.OLEAUT32(?), ref: 04E2E837
                                        • SysAllocString.OLEAUT32 ref: 04E2E84B
                                        • VariantClear.OLEAUT32(?), ref: 04E2E919
                                        • SysAllocString.OLEAUT32 ref: 04E2E927
                                        • VariantClear.OLEAUT32(?), ref: 04E2E949
                                        • VariantClear.OLEAUT32(?), ref: 04E2E9BF
                                        • SysAllocString.OLEAUT32 ref: 04E2E9CD
                                        • VariantClear.OLEAUT32(?), ref: 04E2E9F1
                                          • Part of subcall function 04E00BC0: SysAllocString.OLEAUT32(?), ref: 04E00C00
                                        • VariantClear.OLEAUT32(?), ref: 04E2EA98
                                        • VariantClear.OLEAUT32(?), ref: 04E2EA9F
                                        • VariantClear.OLEAUT32(?), ref: 04E2EB17
                                        • VariantClear.OLEAUT32(?), ref: 04E2EB1E
                                        • VariantClear.OLEAUT32(?), ref: 04E2EBA3
                                        • VariantClear.OLEAUT32(?), ref: 04E2EBAA
                                        • VariantClear.OLEAUT32(?), ref: 04E2EC0E
                                        • VariantClear.OLEAUT32(?), ref: 04E2EC15
                                        • VariantClear.OLEAUT32(?), ref: 04E2F387
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ClearVariant$AllocString$CreateFullInitializeInstanceNamePath
                                        • String ID: %.8x%.8x$/microsoftNs:assembly/microsoftNs:assemblyIdentity$SelectionLanguage$SelectionNamespaces$XPath$culture$language$name$none$processorArchitecture$publicKeyToken$type$xmlns:microsoftNs='urn:schemas-microsoft-com:asm.v1'
                                        APIs
                                        • VirtualAllocEx.KERNEL32(?,?,?,00102000,00000040,00000000,?,?,00000000), ref: 04E98806
                                        • VirtualAllocEx.KERNEL32(?,00000000,?,00101000,00000040), ref: 04E98821
                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,00000000,?,?,00000000), ref: 04E98838
                                        • LoadLibraryA.KERNEL32(?), ref: 04E98957
                                        • GetProcAddress.KERNEL32(00000000), ref: 04E989AA
                                        • GetCurrentProcess.KERNEL32 ref: 04E98B2B
                                        • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 04E98B5F
                                        • GetCurrentProcess.KERNEL32 ref: 04E98C08
                                        • VirtualQuery.KERNEL32(?,00000008,0000001C), ref: 04E98C28
                                        • VirtualProtect.KERNEL32(?,04E8ECE4,00000001,00000000), ref: 04E98C44
                                        • VirtualProtectEx.KERNEL32(?,?,04E8ECE4,00000001,00000000), ref: 04E98C5D
                                        • FlushInstructionCache.KERNEL32(?,?,?), ref: 04E98C94
                                        • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 04E98CA2
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Virtual$AllocProcess$CurrentProtect$AddressCacheFlushFreeInstructionLibraryLoadMemoryProcQueryWrite
                                        • String ID: $@$Imported function, $core
                                        APIs
                                          • Part of subcall function 04DC1D60: memcpy.NTDLL(00000000,?,?,00000000), ref: 04DC1D95
                                          • Part of subcall function 04DC2610: memcpy.NTDLL(?,00000000,-00000001,00000000,?,?,00000000,04DC4D60,?), ref: 04DC264F
                                        • memcpy.NTDLL(00000000,?,-00000001,00000000,00000100,?), ref: 04E501EA
                                        • memcpy.NTDLL(00000000,-00000001,?,?,00000000,?,00000000,?,?), ref: 04E50226
                                        • memcpy.NTDLL(00000000,00000000,?,?,00000000,?,00000000,?,?), ref: 04E50286
                                        • memcpy.NTDLL(?,?,?,00000000,?,00000000,?,?), ref: 04E502AA
                                        • memcpy.NTDLL(00000000,NULL,-00000002,00000000,000000FF,?,?,?,?,00000000,?,00000000,?,?), ref: 04E50322
                                        • memcpy.NTDLL(00000000,-00000002,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 04E5035E
                                        • memcpy.NTDLL(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 04E503BA
                                        • memcpy.NTDLL(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?), ref: 04E503DE
                                        • wsprintfA.USER32 ref: 04E503FE
                                        • memcpy.NTDLL(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,?), ref: 04E5046D
                                          • Part of subcall function 04E94070: HeapFree.KERNEL32(02D20000,00000001,?,04EC8948,04EC8944,?,?,?,?,?,?,?,04E36417,00000001,?), ref: 04E94098
                                        • memcpy.NTDLL(-00000001,?,-00000001,?,?,?,?,?,?,?,00000000,?,00000000,?,?), ref: 04E50499
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: memcpy$FreeHeapwsprintf
                                        • String ID: (0x%.8x)$MemoryBasicInformation$MemoryBasicVlmInformation$MemoryInformationClassUnknown$MemoryLoadedImageInformation$MemorySectionName$MemoryWorkingSetExList$MemoryWorkingSetList$NULL
                                        APIs
                                        • NtQueryInformationProcess.NTDLL(?,00000000,?,00000018,?), ref: 04E6C100
                                        • ReadProcessMemory.KERNEL32(?,?,?,000001D8,?), ref: 04E6C11E
                                          • Part of subcall function 04E65FB0: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,?), ref: 04E65FCB
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Process$CreateFileInformationMemoryQueryRead
                                        • String ID: - $ to $. Virtual exe: from $Stub: from $Template: $TryCreateProcessForVirtualEXE, template exe found: $Unsuitable combination of stub's and virtual exe's image bases / offsets.$core$sysapi/process
                                        APIs
                                        • GetCurrentThreadId.KERNEL32 ref: 04DF800C
                                        • InterlockedCompareExchange.KERNEL32(?,00000000), ref: 04DF802B
                                        • NtQueueApcThread.NTDLL(?,?,?,?,00000000), ref: 04DF8138
                                        • SetEvent.KERNEL32(?), ref: 04DF814C
                                        • SetEvent.KERNEL32(?), ref: 04DF817D
                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 04DF81B7
                                        • InterlockedDecrement.KERNEL32(?), ref: 04DF81C8
                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 04DF81D6
                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 04DF8203
                                        • InterlockedDecrement.KERNEL32(?), ref: 04DF8214
                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 04DF8222
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Interlocked$Exchange$DecrementEventReleaseSemaphoreThread$CompareCurrentQueue
                                        • String ID:
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2778595133.00000000099E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099C0000, based on PE: true
                                        • Associated: 00000009.00000002.2778525625.00000000099C0000.00000004.10000000.00040000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_99c0000_LisectAVT_2403002B_286_Update.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: (ocq$\scq$\scq$\scq$\scq$\scq$p<cq$p<cq$pgq$pgq
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2778595133.00000000099E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099C0000, based on PE: true
                                        • Associated: 00000009.00000002.2778525625.00000000099C0000.00000004.10000000.00040000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_99c0000_LisectAVT_2403002B_286_Update.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: &Y5f$(ocq$(ocq$\;cq$pgq$pgq$pgq$pgq
                                        APIs
                                        • NtQueryInformationProcess.NTDLL(?,00000000,?,00000018,75935030), ref: 04E6610E
                                        • ReadProcessMemory.KERNEL32(?,?,?,000001D8,?), ref: 04E66132
                                        • ReadProcessMemory.KERNEL32(?,?,?,00000040,?), ref: 04E66149
                                        • ReadProcessMemory.KERNEL32(?,?,?,000000F8,?), ref: 04E66169
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Process$MemoryRead$InformationQuery
                                        • String ID:
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ExchangeInterlocked
                                        • String ID:
                                        APIs
                                          • Part of subcall function 04DC1D60: memcpy.NTDLL(00000000,?,?,00000000), ref: 04DC1D95
                                          • Part of subcall function 04DC2610: memcpy.NTDLL(?,00000000,-00000001,00000000,?,?,00000000,04DC4D60,?), ref: 04DC264F
                                        • memcpy.NTDLL(00000000,00000000,?,?), ref: 04E4E8DD
                                        • memcpy.NTDLL(00000001,00000001,-00000001,?), ref: 04E4E90F
                                          • Part of subcall function 04E94070: HeapFree.KERNEL32(02D20000,00000001,?,04EC8948,04EC8944,?,?,?,?,?,?,?,04E36417,00000001,?), ref: 04E94098
                                        • memcpy.NTDLL(00000000,NULL,-00000002,00000000,000000FF,?), ref: 04E4E991
                                        • memcpy.NTDLL(00000000,-00000002,?,?,00000000,?,00000000,?,?), ref: 04E4E9C7
                                        • memcpy.NTDLL(00000000,00000000,?,?,00000000,?,00000000,?,?), ref: 04E4EA36
                                        • memcpy.NTDLL(00000000,00000000,?,00000000,?,00000000,?,?), ref: 04E4EA58
                                        • wsprintfA.USER32 ref: 04E4EA90
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: memcpy$FreeHeapwsprintf
                                        • String ID: $ | $0x%.8x$@$FILE_COMPLETE_IF_OPLOCKED$FILE_CREATE_TREE_CONNECTION$FILE_DELETE_ON_CLOSE$FILE_DIRECTORY_FILE$FILE_NON_DIRECTORY_FILE$FILE_NO_EA_KNOWLEDGE$FILE_NO_INTERMEDIATE_BUFFERING$FILE_OPEN_BY_FILE_ID$FILE_OPEN_FOR_BACKUP_INTENT$FILE_RANDOM_ACCESS$FILE_SEQUENTIAL_ONLY$FILE_SYNCHRONOUS_IO_ALERT$FILE_SYNCHRONOUS_IO_NONALERT$FILE_WRITE_THROUGH$NULL
                                        APIs
                                        • CoInitialize.OLE32(00000000), ref: 04E6861A
                                        • LoadLibraryW.KERNEL32(?,?,?,?,?,?,?,?,?,04E8E8E4,?), ref: 04E6862E
                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,04E8E8E4,?), ref: 04E68640
                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,04E8E8E4,?), ref: 04E68646
                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,04E8E8E4,?), ref: 04E68651
                                        • GetProcAddress.KERNEL32(00000000,DllRegisterServer), ref: 04E68673
                                        • GetProcAddress.KERNEL32(00000000,DllUnregisterServer), ref: 04E6867F
                                        • GetProcAddress.KERNEL32(00000000,DllGetClassObject), ref: 04E686A5
                                        • RegDeleteKeyW.ADVAPI32(80000002,SOFTWARE\Macromedia\FlashPlayer\SafeVersions), ref: 04E68721
                                        • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,04E8E8E4,?), ref: 04E6877A
                                        • CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,04E8E8E4,?), ref: 04E68784
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: AddressErrorLastProc$Library$DeleteFreeInitializeLoadUninitialize
                                        • String ID: D$DllGetClassObject$DllRegisterServer$DllUnregisterServer$E$S$SOFTWARE\Macromedia\FlashPlayer\SafeVersions$T
                                        • API String ID: 759782565-3733902375
                                        • Opcode ID: b086bae6c722221a7ee523bbff1eeeb0e38852d64a3753ccf3776a8eee8b207e
                                        • Instruction ID: 565380c2d75a0b311775917ba37f13009e9c144b3a3149da31b43c648788f5ca
                                        • Opcode Fuzzy Hash: b086bae6c722221a7ee523bbff1eeeb0e38852d64a3753ccf3776a8eee8b207e
                                        • Instruction Fuzzy Hash: 9041CC31244301AFC300EF6ACC80E6BBBE4FFC8655F14591EF998C7291DA75E9058BA2
                                        APIs
                                        • CoInitializeEx.OLE32(00000000,00000000), ref: 04E4A748
                                        • CoRegisterSurrogate.OLE32(?), ref: 04E4A7AE
                                        • CoUninitialize.OLE32 ref: 04E4A7B8
                                          • Part of subcall function 04E50510: GetLocalTime.KERNEL32 ref: 04E50559
                                          • Part of subcall function 04E50510: GetCurrentProcessId.KERNEL32(04EB3000,?,04E9E704,?,04E9DFD8,?,04E9DFD8,75922E80,04EB3000,?,04EB3004,?,04EB3004,75922E80,bx:), ref: 04E50628
                                          • Part of subcall function 04E50510: GetCurrentThreadId.KERNEL32 ref: 04E50644
                                          • Part of subcall function 04E4D390: DbgPrint.NTDLL ref: 04E4D3A9
                                          • Part of subcall function 04E4D390: WriteFile.KERNEL32(00000000,04F51C80,?,?,00000000,?,?,?,?,?,?,?,?,?,04E2C505,?), ref: 04E4D3D6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Current$FileInitializeLocalPrintProcessRegisterSurrogateThreadTimeUninitializeWrite
                                        • String ID: (): CoInitializeEx failed$(): CoRegisterSurrogate failed$/Processid:$BoxedApp::COMSurrogate::DefaultSurrogateHandler$core
                                        • API String ID: 789884646-1305326877
                                        • Opcode ID: 1bec09ba164972a138877aa2cf344ed5845c452c0f066450138f47049fc07483
                                        • Instruction ID: 0c47fd0cf6ee9e7f67581b0b0b193691ffd267360af58ef24d1bec6cf0a4918a
                                        • Opcode Fuzzy Hash: 1bec09ba164972a138877aa2cf344ed5845c452c0f066450138f47049fc07483
                                        • Instruction Fuzzy Hash: EF719FB1A48300ABD710EFA5EC8086FB7E9AFD4618F44292DF54287290EB35FD05CB52
                                        APIs
                                        • CreateFileMappingW.KERNEL32(?,00000000,00000004,00000000,00000000,00000000,?,00000020,?,?,?,?,?,04E5B3BF,?,?), ref: 04E5A75A
                                        • GetLastError.KERNEL32(?,?,?,?,?,04E5B3BF,?,?,00000118,00000000), ref: 04E5A76C
                                        • GetLastError.KERNEL32(?,?,?,?,?,04E5B3BF,?,?,00000118,00000000), ref: 04E5A772
                                        • GetLastError.KERNEL32(?,?,?,?,?,04E5B3BF,?,?,00000118,00000000), ref: 04E5A77A
                                        • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,04E5B3BF,?,?,00000118,00000000), ref: 04E5A794
                                        • MapViewOfFile.KERNEL32(00000000,00000006,00000000,00000000,00000000,?,?,?,?,?,04E5B3BF,?,?,00000118,00000000), ref: 04E5A7AA
                                        • GetLastError.KERNEL32(?,?,?,?,?,04E5B3BF,?,?,00000118,00000000), ref: 04E5A7BD
                                        • GetLastError.KERNEL32(?,?,?,?,?,04E5B3BF,?,?,00000118,00000000), ref: 04E5A7C3
                                        • GetLastError.KERNEL32(?,?,?,?,?,04E5B3BF,?,?,00000118,00000000), ref: 04E5A7C9
                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,04E5B3BF,?,?,00000118,00000000), ref: 04E5A7DF
                                        • VirtualQuery.KERNEL32(00000000,?,0000001C,?,?,?,?,?,04E5B3BF,?,?,00000118,00000000), ref: 04E5A7F5
                                        • GetLastError.KERNEL32(?,?,?,?,?,04E5B3BF,?,?,00000118,00000000), ref: 04E5A805
                                        • GetLastError.KERNEL32(?,?,?,?,?,04E5B3BF,?,?,00000118,00000000), ref: 04E5A80B
                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,04E5B3BF,?,?,00000118,00000000), ref: 04E5A81E
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ErrorLast$File$CloseHandleView$CreateMappingQueryUnmapVirtual
                                        • String ID:
                                        • API String ID: 3925098678-0
                                        • Opcode ID: cd60c547be64c6b91d5db6e0bc971274c3e1cb6d2846208048a78e1330bd636c
                                        • Instruction ID: c4c5727911118793ee23164a9b34f362555ffe711a8d068c9fa2828d75d50247
                                        • Opcode Fuzzy Hash: cd60c547be64c6b91d5db6e0bc971274c3e1cb6d2846208048a78e1330bd636c
                                        • Instruction Fuzzy Hash: 9931E4327006216BE730AA29DC40F6A37F5EF44B24F54073AEE45D72E0EA69FC014AA1
                                        APIs
                                          • Part of subcall function 04DC1D60: memcpy.NTDLL(00000000,?,?,00000000), ref: 04DC1D95
                                        • wsprintfA.USER32 ref: 04E4E53D
                                          • Part of subcall function 04DC2610: memcpy.NTDLL(?,00000000,-00000001,00000000,?,?,00000000,04DC4D60,?), ref: 04DC264F
                                          • Part of subcall function 04E94070: HeapFree.KERNEL32(02D20000,00000001,?,04EC8948,04EC8944,?,?,?,?,?,?,?,04E36417,00000001,?), ref: 04E94098
                                        • memcpy.NTDLL(00000000,?,-00000001,00000000,00000100,?,?,00000000,?,?), ref: 04E4E5FC
                                        • memcpy.NTDLL(00000000,?,?,?,?,?,?,?,?,00000000,?,?), ref: 04E4E63C
                                        • memcpy.NTDLL(00000000,?,?,?,?,?,?,?,?,00000000,?,?), ref: 04E4E6AA
                                        • memcpy.NTDLL(?,?,?,?,?,?,?,?,00000000,?,?), ref: 04E4E6CC
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: memcpy$FreeHeapwsprintf
                                        • String ID: 0x%.8x$FILE_CREATE$FILE_OPEN$FILE_OPEN_IF$FILE_OVERWRITE$FILE_OVERWRITE_IF$FILE_SUPERSEDE
                                        • API String ID: 2972188138-2495305306
                                        • Opcode ID: eca6f66e36d99f33f522c97c3186048698cb0615a129a2e6225245c006ee2a42
                                        • Instruction ID: b1c05591429022aa373379549e97dd765fd705f61f0aefe624aad1f14e649af3
                                        • Opcode Fuzzy Hash: eca6f66e36d99f33f522c97c3186048698cb0615a129a2e6225245c006ee2a42
                                        • Instruction Fuzzy Hash: 6461D2B1904341ABD720AF59E880B5BBBE4FFD4308F44582DE58947242E776F958CBA3
                                        APIs
                                          • Part of subcall function 04DC1CF0: memcpy.NTDLL(00000000,00000001,?,?,?,00000000,?,?,?,?,?,04E2C505,?,?,?,?), ref: 04DC1D36
                                        • GetLocalTime.KERNEL32 ref: 04E50559
                                          • Part of subcall function 04DF93B0: memcpy.NTDLL(00000000,75922E80,00000002,75922E80,?,75922EF0,00000000,?,04E5056B,bx:), ref: 04DF93F1
                                          • Part of subcall function 04E4F6B0: wsprintfA.USER32 ref: 04E4F6C8
                                        • GetCurrentProcessId.KERNEL32(04EB3000,?,04E9E704,?,04E9DFD8,?,04E9DFD8,75922E80,04EB3000,?,04EB3004,?,04EB3004,75922E80,bx:), ref: 04E50628
                                        • GetCurrentThreadId.KERNEL32 ref: 04E50644
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Currentmemcpy$LocalProcessThreadTimewsprintf
                                        • String ID: bx:$debug$error$info$trace$warn
                                        • API String ID: 3941987465-2600430018
                                        • Opcode ID: ba8e2ccf3d6f29a359e4a45ca59bb97977b54b1142e4771ab5930455a6448f6d
                                        • Instruction ID: 7af6797d28abb0b5412af4026c0f43b068788a11f37fd2b3264839afaa699258
                                        • Opcode Fuzzy Hash: ba8e2ccf3d6f29a359e4a45ca59bb97977b54b1142e4771ab5930455a6448f6d
                                        • Instruction Fuzzy Hash: 463184E1304620676A09BF25486293FB6D7DFC8904705144DF68A8B3E4DF78AC02DBE3
                                        APIs
                                        • GetProcessHeap.KERNEL32(00000000,00004000), ref: 04E94488
                                        • HeapAlloc.KERNEL32(00000000), ref: 04E9448F
                                        • InterlockedIncrement.KERNEL32(00000004), ref: 04E944A6
                                        • InterlockedDecrement.KERNEL32(?), ref: 04E944BD
                                        • GetProcessHeap.KERNEL32(00000000), ref: 04E944CD
                                        • HeapFree.KERNEL32(00000000), ref: 04E944D4
                                        • InterlockedIncrement.KERNEL32(00000004), ref: 04E944F9
                                        • InterlockedDecrement.KERNEL32(00000004), ref: 04E94500
                                        • GetProcessHeap.KERNEL32(00000000), ref: 04E94510
                                        • HeapFree.KERNEL32(00000000), ref: 04E94517
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Heap$Interlocked$Process$DecrementFreeIncrement$Alloc
                                        • String ID:
                                        • API String ID: 1856492253-0
                                        • Opcode ID: 8c7ec4f5404d1614f83852e76b22e12d1c3fdf72eb9bba2ef5f5b478c1413cea
                                        • Instruction ID: 2d3290311a9a087f4ae26122d2a921d66a94104a73510a6db63976adc2cdd226
                                        • Opcode Fuzzy Hash: 8c7ec4f5404d1614f83852e76b22e12d1c3fdf72eb9bba2ef5f5b478c1413cea
                                        • Instruction Fuzzy Hash: 023193B6908315ABDB10DF94FC84B6AB7E4FB84B05F00452AF905972C5DB74ED06CBA2
                                        APIs
                                        • GetProcessHeap.KERNEL32(00000000,00004000), ref: 04E94488
                                        • HeapAlloc.KERNEL32(00000000), ref: 04E9448F
                                          • Part of subcall function 04E93F10: RtlZeroMemory.NTDLL(00000000,00000008), ref: 04E93F1A
                                        • InterlockedIncrement.KERNEL32(00000004), ref: 04E944A6
                                        • InterlockedDecrement.KERNEL32(?), ref: 04E944BD
                                        • GetProcessHeap.KERNEL32(00000000), ref: 04E944CD
                                        • HeapFree.KERNEL32(00000000), ref: 04E944D4
                                        • InterlockedIncrement.KERNEL32(00000004), ref: 04E944F9
                                        • InterlockedDecrement.KERNEL32(00000004), ref: 04E94500
                                        • GetProcessHeap.KERNEL32(00000000), ref: 04E94510
                                        • HeapFree.KERNEL32(00000000), ref: 04E94517
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Heap$Interlocked$Process$DecrementFreeIncrement$AllocMemoryZero
                                        • String ID:
                                        • API String ID: 3686117956-0
                                        • Opcode ID: 63966bee0015fa910e38ab8e461b66dd3dd9adfa88233815466841d6df1a339e
                                        • Instruction ID: f56f6e26a20c1940c2b7561794d00ecf13854233cb1a4fb71b1cee25780c4484
                                        • Opcode Fuzzy Hash: 63966bee0015fa910e38ab8e461b66dd3dd9adfa88233815466841d6df1a339e
                                        • Instruction Fuzzy Hash: BF2190B6804315ABE710DFA0FC88F6A77A5FF84706F004419FA09972C5DB78AD16CB62
                                        APIs
                                        • GetCurrentProcess.KERNEL32(?,00130089,00000000,00000000), ref: 04DDE59D
                                        • GetCurrentProcess.KERNEL32(?,00000000), ref: 04DDE5A1
                                        • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000), ref: 04DDE5BE
                                        • GetCurrentProcess.KERNEL32(?,00000000), ref: 04DDE5C2
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: CurrentProcess
                                        • String ID: "
                                        • API String ID: 2050909247-123907689
                                        • Opcode ID: 7ee0fd24680ceb01d8b23338206b59f443d46dfe929d554349ad3e5f8740ae7b
                                        • Instruction ID: eeef48d0c84b0b1517c7ffd54386ae0d19a54f044107d72c5de78d2a127bd6d3
                                        • Opcode Fuzzy Hash: 7ee0fd24680ceb01d8b23338206b59f443d46dfe929d554349ad3e5f8740ae7b
                                        • Instruction Fuzzy Hash: 64D14E71204341ABE725EB64CC94FABB3E9EFC4744F00491DB6899B190EE74F909C7A2
                                        APIs
                                          • Part of subcall function 04DC8EF0: InterlockedExchange.KERNEL32(00000008,00000000), ref: 04DC8F38
                                          • Part of subcall function 04DC8EF0: InterlockedDecrement.KERNEL32(0000000C), ref: 04DC8F49
                                          • Part of subcall function 04DC8EF0: ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 04DC8F5B
                                        • GetCurrentProcess.KERNEL32(?,00000000), ref: 04E0A774
                                        • GetCurrentProcess.KERNEL32(?,00000000), ref: 04E0A778
                                        • CloseHandle.KERNEL32(?), ref: 04E0A87A
                                          • Part of subcall function 04E4F790: wsprintfA.USER32 ref: 04E4F967
                                          • Part of subcall function 04E4F790: memcpy.NTDLL(00000000,-00000001,?), ref: 04E4FA06
                                          • Part of subcall function 04E4F790: wsprintfA.USER32 ref: 04E4FAAD
                                          • Part of subcall function 04E50510: GetLocalTime.KERNEL32 ref: 04E50559
                                          • Part of subcall function 04E50510: GetCurrentProcessId.KERNEL32(04EB3000,?,04E9E704,?,04E9DFD8,?,04E9DFD8,75922E80,04EB3000,?,04EB3004,?,04EB3004,75922E80,bx:), ref: 04E50628
                                          • Part of subcall function 04E50510: GetCurrentThreadId.KERNEL32 ref: 04E50644
                                          • Part of subcall function 04E4D390: DbgPrint.NTDLL ref: 04E4D3A9
                                          • Part of subcall function 04E4D390: WriteFile.KERNEL32(00000000,04F51C80,?,?,00000000,?,?,?,?,?,?,?,?,?,04E2C505,?), ref: 04E4D3D6
                                          • Part of subcall function 04E94070: HeapFree.KERNEL32(02D20000,00000001,?,04EC8948,04EC8944,?,?,?,?,?,?,?,04E36417,00000001,?), ref: 04E94098
                                        Strings
                                        • BoxedApp::FileSystem::Layers::CSandboxDirectoryLayer::DuplicateHandleInformation, xrefs: 04E0A7CA
                                        • : NtDuplicateObject() failed to duplicate sandbox handle , xrefs: 04E0A7C5
                                        • , status = , xrefs: 04E0A7B5
                                        • layer/sandbox, xrefs: 04E0A7CF
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Current$Process$Interlockedwsprintf$CloseDecrementExchangeFileFreeHandleHeapLocalPrintReleaseSemaphoreThreadTimeWritememcpy
                                        • String ID: , status = $: NtDuplicateObject() failed to duplicate sandbox handle $BoxedApp::FileSystem::Layers::CSandboxDirectoryLayer::DuplicateHandleInformation$layer/sandbox
                                        • API String ID: 1741710999-4203240436
                                        • Opcode ID: 88396c773bd14c4258a9d394b3ffc06949c07cd379832f731d6e946697ed8251
                                        • Instruction ID: faf508d03d4a91272367d5529154a8718b476a6765d928e7db6c61440eff54c8
                                        • Opcode Fuzzy Hash: 88396c773bd14c4258a9d394b3ffc06949c07cd379832f731d6e946697ed8251
                                        • Instruction Fuzzy Hash: 8441B171604300ABD714EB68DC84DAFB3E9AFD4308F049A2DF55697290EB71FC468B62
                                        APIs
                                          • Part of subcall function 04E405D0: InterlockedIncrement.KERNEL32 ref: 04E40637
                                        • InterlockedIncrement.KERNEL32(?), ref: 04E3C184
                                        • InterlockedIncrement.KERNEL32(00000000), ref: 04E3C1EB
                                        • InterlockedIncrement.KERNEL32(00000000), ref: 04E3C278
                                          • Part of subcall function 04E3BFC0: InterlockedIncrement.KERNEL32(?), ref: 04E3C034
                                          • Part of subcall function 04E3BFC0: InterlockedIncrement.KERNEL32(00000000), ref: 04E3C0C8
                                        • InterlockedIncrement.KERNEL32(00000000), ref: 04E3C322
                                        • InterlockedIncrement.KERNEL32(00000000), ref: 04E3C3AB
                                        • InterlockedDecrement.KERNEL32(?), ref: 04E3C3C4
                                        • InterlockedDecrement.KERNEL32(00000000), ref: 04E3C433
                                        • InterlockedDecrement.KERNEL32(?), ref: 04E3C46D
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Interlocked$Increment$Decrement
                                        • String ID:
                                        • API String ID: 4289621856-0
                                        • Opcode ID: 384441fa6c146916c4b592ec150dcab150b18e8613e077a5b21ae92d16dc2dda
                                        • Instruction ID: baa613dd2fd91fff7aaa4b29770f0ff483a0fd45eca48bcde21103371728fc5e
                                        • Opcode Fuzzy Hash: 384441fa6c146916c4b592ec150dcab150b18e8613e077a5b21ae92d16dc2dda
                                        • Instruction Fuzzy Hash: 80C11972508310AFD711EF65D884C6BB7E9FF88609F50692EF589A3250DB30F945CBA2
                                        APIs
                                        • InterlockedIncrement.KERNEL32(?), ref: 04E3A65B
                                        • InterlockedIncrement.KERNEL32(?), ref: 04E3A6A9
                                        • InterlockedDecrement.KERNEL32(00000000), ref: 04E3A6C7
                                        • InterlockedDecrement.KERNEL32(00000000), ref: 04E3A70E
                                        • InterlockedDecrement.KERNEL32(?), ref: 04E3A73E
                                        • InterlockedIncrement.KERNEL32(00000000), ref: 04E3A78D
                                        • InterlockedDecrement.KERNEL32(?), ref: 04E3A798
                                        • InterlockedDecrement.KERNEL32(?), ref: 04E3A81A
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Interlocked$Decrement$Increment
                                        • String ID:
                                        • API String ID: 2574743344-0
                                        • Opcode ID: 34058a619b09814baf4ed218bf5f7790ce860d3e654be8392a9827475e7c6d5c
                                        • Instruction ID: b2845f548b1b9308e3782d75f04ffb529801661182d0fe342819508f5857f22a
                                        • Opcode Fuzzy Hash: 34058a619b09814baf4ed218bf5f7790ce860d3e654be8392a9827475e7c6d5c
                                        • Instruction Fuzzy Hash: 4D711F75604304AFD711EF66D888C6FB7E9EF88A09B40692DF48997240DB34FD81CB66
                                        APIs
                                        • ReadProcessMemory.KERNEL32(?,?,?,00000040,00000000,00000000,?,?,00000000), ref: 04E98046
                                        • ReadProcessMemory.KERNEL32(?,?,?,000000F8,?), ref: 04E98065
                                        • ReadProcessMemory.KERNEL32(?,?,?,00000028,?), ref: 04E9807E
                                        • ReadProcessMemory.KERNEL32(?,?,?,00000004,?), ref: 04E980C2
                                        • ReadProcessMemory.KERNEL32(?,?,?,00000001,?), ref: 04E98115
                                        • lstrcmpA.KERNEL32(00000000,?), ref: 04E9815F
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: MemoryProcessRead$lstrcmp
                                        • String ID:
                                        • API String ID: 1270094187-0
                                        • Opcode ID: 6fd5dc1121f554cc40c6489a5f2c11328e77937bc4079fa34fab7e1322e327f2
                                        • Instruction ID: 6aec463186cdba987afbf186000eadc160a4f732aa0a5bc4e031806655ad0fe8
                                        • Opcode Fuzzy Hash: 6fd5dc1121f554cc40c6489a5f2c11328e77937bc4079fa34fab7e1322e327f2
                                        • Instruction Fuzzy Hash: 60619272208345ABD710DF55DC40AABB7E8FBC5758F04491EF58983290D775E909CBA2
                                        APIs
                                          • Part of subcall function 04E30AB0: GetLastError.KERNEL32(04F51C80,04E66E1D,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AB3
                                        • TlsGetValue.KERNEL32(00000014), ref: 04E6A573
                                          • Part of subcall function 04E30AE0: GetLastError.KERNEL32(00000000,04E66E83,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AE3
                                          • Part of subcall function 04E30AE0: SetLastError.KERNEL32(00000000,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AEE
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ErrorLast$Value
                                        • String ID: ): $, CompletionKey = $, CompletionValue = $, IoStatusBlock->Information = $, IoStatusBlock->Status = $NtRemoveIoCompletion(IoCompletionHandle: $core
                                        • API String ID: 1883355122-3553767507
                                        APIs
                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 04E900AA
                                        • HeapFree.KERNEL32(00000000), ref: 04E900B1
                                        • GetCurrentProcess.KERNEL32(04EC8928,00000002,00000000,00000000), ref: 04E90161
                                        • GetCurrentThread.KERNEL32 ref: 04E90164
                                        • GetCurrentProcess.KERNEL32(00000000), ref: 04E9016B
                                          • Part of subcall function 04E3FD70: InterlockedExchange.KERNEL32(?,00000000), ref: 04E3FD8F
                                          • Part of subcall function 04E3FD70: InterlockedDecrement.KERNEL32(?), ref: 04E3FDA0
                                          • Part of subcall function 04E3FD70: ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 04E3FDAE
                                        • DuplicateHandle.KERNEL32(00000000), ref: 04E9016E
                                        • SuspendThread.KERNEL32(00000000), ref: 04E9017A
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: CurrentProcess$HeapInterlockedThread$DecrementDuplicateExchangeFreeHandleReleaseSemaphoreSuspend
                                        • String ID:
                                        • API String ID: 1086781611-0
                                        APIs
                                          • Part of subcall function 04E98E10: GetWindowsDirectoryW.KERNEL32(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?,04E6C4F2), ref: 04E98E3C
                                          • Part of subcall function 04E98E10: GetWindowsDirectoryW.KERNEL32(00000000,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,04E6C4F2), ref: 04E98E6F
                                          • Part of subcall function 04DC25C0: memcpy.NTDLL(?,00000001,00000002,00000000,?,?,00000000,04E99058,?), ref: 04DC2601
                                        • WriteFile.KERNEL32(00000000,04EC0488,00004000,00000000,00000000,?,40000000,00000001,00000000,00000002,00000000,00000000,?,?,?,\assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll), ref: 04E6A263
                                        • CloseHandle.KERNEL32(00000000,?,?,?,\assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll), ref: 04E6A26C
                                        • WriteFile.KERNEL32(00000000,04EC0488,00004000,00000001,00000000,?,40000000,00000001,00000000,00000002,00000000,00000000,?,?,?,\assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll), ref: 04E6A2AD
                                        • CloseHandle.KERNEL32(00000000,?,?,?,\assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll), ref: 04E6A2B0
                                          • Part of subcall function 04DC3F20: memcpy.NTDLL(?,00000000,00000000,00000000,00000000,00000000,000000AC,00000FA0,00000000,04E28E60,?,?,02D206E0,\REGISTRY\USER\,\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID,\REGISTRY\MACHINE\Software\Classes\Wow6432Node\AppID), ref: 04DC3F74
                                          • Part of subcall function 04DC3F20: memcpy.NTDLL(00000000,?,04EA44E6,?,00000000,00000000,00000000,00000000,00000000,000000AC,00000FA0,00000000,04E28E60,?,?,02D206E0), ref: 04DC3F8A
                                        Strings
                                        • \assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll, xrefs: 04E6A1D3
                                        • \.NETFramework\assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll, xrefs: 04E6A1ED
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: memcpy$CloseDirectoryFileHandleWindowsWrite
                                        • String ID: \.NETFramework\assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll$\assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll
                                        • API String ID: 2332119604-4250271233
                                        APIs
                                        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,04E0495E,?,?,?,?,?), ref: 04E04894
                                        • InterlockedIncrement.KERNEL32(04EC88F4), ref: 04E048BD
                                        Strings
                                        • constructed, xrefs: 04E048DE
                                        • BoxedApp::FileSystem::Utils::Impl::CRealFileNotificationManager::CRealFileNotificationManager, xrefs: 04E048E9
                                        • core, xrefs: 04E048EE
                                        • : listener id , xrefs: 04E048E4
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: CreateEventIncrementInterlocked
                                        • String ID: constructed$: listener id $BoxedApp::FileSystem::Utils::Impl::CRealFileNotificationManager::CRealFileNotificationManager$core
                                        • API String ID: 3999195403-3051967129
                                        APIs
                                        • TlsGetValue.KERNEL32(00000000,0043F85B,?,0043AE22), ref: 0043F7B8
                                        • TlsGetValue.KERNEL32(00000005,?,0043AE22), ref: 0043F7CF
                                        • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,0043AE22), ref: 0043F7E4
                                        • GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 0043F7FF
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2755614298.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000009.00000002.2755550332.0000000000400000.00000002.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755670835.0000000000452000.00000002.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755732116.000000000046B000.00000004.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755789074.000000000046D000.00000008.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755789074.0000000000570000.00000008.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755789074.0000000000576000.00000008.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2755789074.0000000000583000.00000008.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2756191692.000000000059F000.00000004.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2756263555.00000000005A3000.00000020.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2756443791.0000000000762000.00000002.00000001.01000000.00000011.sdmp
                                        • Associated: 00000009.00000002.2756443791.0000000000907000.00000002.00000001.01000000.00000011.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_400000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Value$AddressHandleModuleProc
                                        • String ID: DecodePointer$KERNEL32.DLL
                                        • API String ID: 1929421221-629428536
                                        APIs
                                        • lstrlenW.KERNEL32(?), ref: 04E2A04E
                                          • Part of subcall function 04DC4D00: wsprintfA.USER32 ref: 04DC4D3D
                                          • Part of subcall function 04E50510: GetLocalTime.KERNEL32 ref: 04E50559
                                          • Part of subcall function 04E50510: GetCurrentProcessId.KERNEL32(04EB3000,?,04E9E704,?,04E9DFD8,?,04E9DFD8,75922E80,04EB3000,?,04EB3004,?,04EB3004,75922E80,bx:), ref: 04E50628
                                          • Part of subcall function 04E50510: GetCurrentThreadId.KERNEL32 ref: 04E50644
                                          • Part of subcall function 04E4D390: DbgPrint.NTDLL ref: 04E4D3A9
                                          • Part of subcall function 04E4D390: WriteFile.KERNEL32(00000000,04F51C80,?,?,00000000,?,?,?,?,?,?,?,?,?,04E2C505,?), ref: 04E4D3D6
                                          • Part of subcall function 04E94070: HeapFree.KERNEL32(02D20000,00000001,?,04EC8948,04EC8944,?,?,?,?,?,?,?,04E36417,00000001,?), ref: 04E94098
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Current$FileFreeHeapLocalPrintProcessThreadTimeWritelstrlenwsprintf
                                        • String ID: : error: IMarshal::MarshalInterface() of VariablesValueProvider failed, hr = $: error: IStream::Write() failed, hr = $: error: failed to query IMarshal from VariablesValueProvider, hr = $BoxedApp::Registry::ReadonlyRegistry::CTree::MarshalInterface$core
                                        • API String ID: 1620325959-2442970054
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ErrorLast
                                        • String ID: :$CommonProgramW6432$ProgramW6432
                                        • API String ID: 1452528299-594665369
                                        APIs
                                          • Part of subcall function 04DC8AC0: GetCurrentThreadId.KERNEL32 ref: 04DC8ACB
                                          • Part of subcall function 04DC8AC0: InterlockedCompareExchange.KERNEL32(02D20E84,00000000), ref: 04DC8AE6
                                        • InterlockedExchange.KERNEL32(00000008,00000000), ref: 04E7C20D
                                        • InterlockedDecrement.KERNEL32(0000000C), ref: 04E7C21E
                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 04E7C230
                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 04E7C34C
                                        • InterlockedDecrement.KERNEL32(?), ref: 04E7C35D
                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 04E7C36F
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Interlocked$Exchange$DecrementReleaseSemaphore$CompareCurrentThread
                                        • String ID:
                                        • API String ID: 1308783253-0
                                        APIs
                                          • Part of subcall function 04DC8AC0: GetCurrentThreadId.KERNEL32 ref: 04DC8ACB
                                          • Part of subcall function 04DC8AC0: InterlockedCompareExchange.KERNEL32(02D20E84,00000000), ref: 04DC8AE6
                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 04E7C493
                                        • InterlockedDecrement.KERNEL32(?), ref: 04E7C4A4
                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 04E7C4B5
                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 04E7C550
                                        • InterlockedDecrement.KERNEL32(?), ref: 04E7C561
                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 04E7C572
                                          • Part of subcall function 04E78350: InterlockedExchange.KERNEL32(?,00000000), ref: 04E783C9
                                          • Part of subcall function 04E78350: InterlockedDecrement.KERNEL32(?), ref: 04E783DA
                                          • Part of subcall function 04E78350: ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,?,04E87909,04F51C80,00000000), ref: 04E783EB
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Interlocked$Exchange$DecrementReleaseSemaphore$CompareCurrentThread
                                        • String ID:
                                        • API String ID: 1308783253-0
                                        APIs
                                          • Part of subcall function 04DC8AC0: GetCurrentThreadId.KERNEL32 ref: 04DC8ACB
                                          • Part of subcall function 04DC8AC0: InterlockedCompareExchange.KERNEL32(02D20E84,00000000), ref: 04DC8AE6
                                        • InterlockedExchange.KERNEL32(04F5EDE8,00000000), ref: 04E7C5D3
                                        • InterlockedDecrement.KERNEL32(04F5EDEC), ref: 04E7C5E4
                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,?,04E87909,04F51C80,00000000), ref: 04E7C5F5
                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 04E7C691
                                        • InterlockedDecrement.KERNEL32(?), ref: 04E7C6A2
                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,?,04E87909,04F51C80,00000000), ref: 04E7C6B3
                                          • Part of subcall function 04E78350: InterlockedExchange.KERNEL32(?,00000000), ref: 04E783C9
                                          • Part of subcall function 04E78350: InterlockedDecrement.KERNEL32(?), ref: 04E783DA
                                          • Part of subcall function 04E78350: ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,?,04E87909,04F51C80,00000000), ref: 04E783EB
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Interlocked$Exchange$DecrementReleaseSemaphore$CompareCurrentThread
                                        • String ID:
                                        • API String ID: 1308783253-0
                                        APIs
                                          • Part of subcall function 04DC8AC0: GetCurrentThreadId.KERNEL32 ref: 04DC8ACB
                                          • Part of subcall function 04DC8AC0: InterlockedCompareExchange.KERNEL32(02D20E84,00000000), ref: 04DC8AE6
                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 04DFC66B
                                        • InterlockedDecrement.KERNEL32(?), ref: 04DFC67C
                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 04DFC68E
                                        • RtlCompareUnicodeString.NTDLL(00000000,00000000,00000001), ref: 04DFC6B9
                                        • RtlCompareUnicodeString.NTDLL(00000000,00000000,00000001), ref: 04DFC6D5
                                        • RtlCompareUnicodeString.NTDLL(00000000,00000000,00000001), ref: 04DFC6F1
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Compare$InterlockedStringUnicode$Exchange$CurrentDecrementReleaseSemaphoreThread
                                        • String ID:
                                        • API String ID: 3862866163-0
                                        APIs
                                          • Part of subcall function 04DC8AC0: GetCurrentThreadId.KERNEL32 ref: 04DC8ACB
                                          • Part of subcall function 04DC8AC0: InterlockedCompareExchange.KERNEL32(02D20E84,00000000), ref: 04DC8AE6
                                          • Part of subcall function 04E7BDA0: InterlockedExchange.KERNEL32(00000008,00000000), ref: 04E7BDE8
                                          • Part of subcall function 04E7BDA0: InterlockedDecrement.KERNEL32(0000000C), ref: 04E7BDF9
                                          • Part of subcall function 04E7BDA0: ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 04E7BE0B
                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 04E8455B
                                        • InterlockedDecrement.KERNEL32(?), ref: 04E8456C
                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 04E8457E
                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 04E845AF
                                        • InterlockedDecrement.KERNEL32(?), ref: 04E845C0
                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 04E845D2
                                          • Part of subcall function 04E7DFD0: InterlockedExchange.KERNEL32(?,00000000), ref: 04E7E00D
                                          • Part of subcall function 04E7DFD0: InterlockedDecrement.KERNEL32(?), ref: 04E7E01E
                                          • Part of subcall function 04E7DFD0: ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 04E7E030
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Interlocked$Exchange$DecrementReleaseSemaphore$CompareCurrentThread
                                        • String ID:
                                        • API String ID: 1308783253-0
                                        APIs
                                        • SetEvent.KERNEL32(?), ref: 04E045EA
                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 04E04604
                                        Strings
                                        • BoxedApp::FileSystem::Utils::Impl::CGlobalRealFileNotificationManager::Stop, xrefs: 04E0462B
                                        • WaitForSingleObject() returned , xrefs: 04E04626
                                        • core, xrefs: 04E04630
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: EventObjectSingleWait
                                        • String ID: BoxedApp::FileSystem::Utils::Impl::CGlobalRealFileNotificationManager::Stop$WaitForSingleObject() returned $core
                                        • API String ID: 582559000-112852539
                                        • Opcode ID: 5ad4f6618da9a7b90688d0f6e8b970037704d751cea4c18ba75a08a5d06be18a
                                        • Instruction ID: 2ac633e7d453403682ee96f6503faf3fbbf1781273961eb072f7a739e5b2e091
                                        • Opcode Fuzzy Hash: 5ad4f6618da9a7b90688d0f6e8b970037704d751cea4c18ba75a08a5d06be18a
                                        • Instruction Fuzzy Hash: 5901443174022257DB18FB78FC56D6A33D55F84A18B045A79B51AD77D0FD28FC488681
                                        APIs
                                        • TlsAlloc.KERNEL32 ref: 04E4C7A6
                                        • GetLastError.KERNEL32 ref: 04E4C7B4
                                          • Part of subcall function 04E50510: GetLocalTime.KERNEL32 ref: 04E50559
                                          • Part of subcall function 04E50510: GetCurrentProcessId.KERNEL32(04EB3000,?,04E9E704,?,04E9DFD8,?,04E9DFD8,75922E80,04EB3000,?,04EB3004,?,04EB3004,75922E80,bx:), ref: 04E50628
                                          • Part of subcall function 04E50510: GetCurrentThreadId.KERNEL32 ref: 04E50644
                                          • Part of subcall function 04E4F6B0: wsprintfA.USER32 ref: 04E4F6C8
                                          • Part of subcall function 04E4D390: DbgPrint.NTDLL ref: 04E4D3A9
                                          • Part of subcall function 04E4D390: WriteFile.KERNEL32(00000000,04F51C80,?,?,00000000,?,?,?,?,?,?,?,?,?,04E2C505,?), ref: 04E4D3D6
                                        Strings
                                        • BoxedApp::ApiLayer::CAutoForceWriteCopyMode::Init, xrefs: 04E4C7DB
                                        • : TlsAlloc() failed, GetLastError() = , xrefs: 04E4C7D6
                                        • layer/sandbox, xrefs: 04E4C7E0
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Current$AllocErrorFileLastLocalPrintProcessThreadTimeWritewsprintf
                                        • String ID: : TlsAlloc() failed, GetLastError() = $BoxedApp::ApiLayer::CAutoForceWriteCopyMode::Init$layer/sandbox
                                        • API String ID: 1681842421-663972680
                                        • Opcode ID: c498d3ec722d2ea06ef768976892ec8f1342d291cafcf2f38b4959890067a282
                                        • Instruction ID: a9ee8f8cca5dbea4f60755ccc4f998de2861de593c2c83ca2d780dc157c324d2
                                        • Opcode Fuzzy Hash: c498d3ec722d2ea06ef768976892ec8f1342d291cafcf2f38b4959890067a282
                                        • Instruction Fuzzy Hash: D801D635B402115BE724FB38EC14A7A37919FC4629F511B78E805DB2D0FE68FC0486C1
                                        APIs
                                        • GetCurrentThreadId.KERNEL32 ref: 04E74070
                                        • InterlockedCompareExchange.KERNEL32(04F51C9C,00000000,00000000), ref: 04E7408E
                                          • Part of subcall function 04DFA150: InterlockedExchange.KERNEL32(?,00000000), ref: 04DFA16C
                                          • Part of subcall function 04DFA150: InterlockedDecrement.KERNEL32(?), ref: 04DFA17D
                                          • Part of subcall function 04DFA150: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,?,?,00000000,00000000,?,00000000,00000030), ref: 04DFA18B
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Interlocked$Exchange$CompareCurrentDecrementReleaseSemaphoreThread
                                        • String ID:
                                        • API String ID: 3542523172-0
                                        • Opcode ID: 1c9b0661ff804828a7aa98f456125be6daf274bb01dda29ea610d0d0175e2c9b
                                        • Instruction ID: 9d5336446f39879b87904ca426b943f0575b5db742637594f310ec4c8d87b6e7
                                        • Opcode Fuzzy Hash: 1c9b0661ff804828a7aa98f456125be6daf274bb01dda29ea610d0d0175e2c9b
                                        • Instruction Fuzzy Hash: 4C51B3337002558FCA10EE58FC40896F3A4FBA0276B05093BEA5993780DB36BD1EC7A5
                                        APIs
                                        • GetCurrentThreadId.KERNEL32 ref: 04DF856B
                                        • InterlockedCompareExchange.KERNEL32(?,00000000), ref: 04DF858A
                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 04DF86E6
                                        • InterlockedDecrement.KERNEL32(?), ref: 04DF86F7
                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 04DF8705
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Interlocked$Exchange$CompareCurrentDecrementReleaseSemaphoreThread
                                        • String ID:
                                        • API String ID: 3542523172-0
                                        • Opcode ID: 437de52e085ea26cd88b2ed55887b3af5fbfcc5e0cccb8f6753687f3b12b3b89
                                        • Instruction ID: fad6972120e0074b3d6dfdbf6f088bd5946f3ee45ef76e8d9545929afb6923f7
                                        • Opcode Fuzzy Hash: 437de52e085ea26cd88b2ed55887b3af5fbfcc5e0cccb8f6753687f3b12b3b89
                                        • Instruction Fuzzy Hash: D35157B2200740AFD720EF65DC84A6BB7E9BF88704F05891DF69687290DB70F905DB62
                                        APIs
                                          • Part of subcall function 04E30AB0: GetLastError.KERNEL32(04F51C80,04E66E1D,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AB3
                                        • TlsGetValue.KERNEL32(00000014), ref: 04E6A433
                                          • Part of subcall function 04E30AE0: GetLastError.KERNEL32(00000000,04E66E83,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AE3
                                          • Part of subcall function 04E30AE0: SetLastError.KERNEL32(00000000,?,04F51C80,04E8E702,?,?,?,?,?,?,?), ref: 04E30AEE
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ErrorLast$Value
                                        • String ID: )$, SectionSize = $NtExtendSection( SectionHandle = $core
                                        • API String ID: 1883355122-3021227702
                                        • Opcode ID: 2eebc3ffee35ccb7432838aa63cc4b8a65942a7c1f00bca026b50980f055837f
                                        • Instruction ID: afd133e81eab993a577e5472749098f6c48d330e404c4e39d986e24afd683fa4
                                        • Opcode Fuzzy Hash: 2eebc3ffee35ccb7432838aa63cc4b8a65942a7c1f00bca026b50980f055837f
                                        • Instruction Fuzzy Hash: B8316275700200ABE704FB64DC94E6BB3E5AFD4648F04592CF88697290EB34FD05CB92
                                        APIs
                                        • GetCurrentThreadId.KERNEL32 ref: 04E947BA
                                        • InterlockedCompareExchange.KERNEL32(?,00000000), ref: 04E947D6
                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 04E94819
                                        • InterlockedDecrement.KERNEL32(?), ref: 04E9482A
                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 04E94838
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Interlocked$Exchange$CompareCurrentDecrementReleaseSemaphoreThread
                                        • String ID:
                                        • API String ID: 3542523172-0
                                        • Opcode ID: 14d452a79f411f0a127f7eaa52bd31811b9a9d0e61620aeeadf4b6706280f6e3
                                        • Instruction ID: ccca365f429b6f05a50e566f4b1a15374f11b8e5203f1f1abd115fa59daeb314
                                        • Opcode Fuzzy Hash: 14d452a79f411f0a127f7eaa52bd31811b9a9d0e61620aeeadf4b6706280f6e3
                                        • Instruction Fuzzy Hash: 03115C75208344ABDB348F25E848FA7B7E9AB41719F004A1DF862975C1DB74BD0AC660
                                        APIs
                                        • TlsGetValue.KERNEL32(?,?,00000020,00000000,04E611E9), ref: 04E5A5A9
                                        • UnlockFileEx.KERNEL32(?,00000000,00000001,00000000,00000044), ref: 04E5A5CA
                                        • GetLastError.KERNEL32 ref: 04E5A5D0
                                        • UnlockFileEx.KERNEL32(?,00000000,00000001,00000000,00000030), ref: 04E5A5F6
                                        • TlsSetValue.KERNEL32(?,-00000001), ref: 04E5A601
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: FileUnlockValue$ErrorLast
                                        • String ID:
                                        • API String ID: 603565765-0
                                        • Opcode ID: 374cb94c8005b9abde92df14e498bc65ede482fe039454486679184192d2c310
                                        • Instruction ID: c0707eb84949565e317e832ffb06d7646939aec02ce5f330578c59d279117817
                                        • Opcode Fuzzy Hash: 374cb94c8005b9abde92df14e498bc65ede482fe039454486679184192d2c310
                                        • Instruction Fuzzy Hash: C1016DB22103116BE7309A79EC85F6733ADEB88715F140A2AB641CA5C4DAA5FC418764
                                        APIs
                                        • GetEnvironmentVariableW.KERNEL32 ref: 04E9A0CE
                                          • Part of subcall function 04E93F10: RtlZeroMemory.NTDLL(00000000,00000008), ref: 04E93F1A
                                        • GetEnvironmentVariableW.KERNEL32(PATH,?,?,00000000,00000001,00000000,?,?,?,?,?,?,?,?,?,04E7D18D), ref: 04E9A103
                                        • GetFileAttributesW.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?), ref: 04E9A1B4
                                          • Part of subcall function 04E94070: HeapFree.KERNEL32(02D20000,00000001,?,04EC8948,04EC8944,?,?,?,?,?,?,?,04E36417,00000001,?), ref: 04E94098
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: EnvironmentVariable$AttributesFileFreeHeapMemoryZero
                                        • String ID: PATH
                                        • API String ID: 1331966000-1036084923
                                        • Opcode ID: d7fadd1f47e14182309d534a303512349960b952d5888c60966e474d106db698
                                        • Instruction ID: c513c0ea48d30e326d14397c398a164fe6d7ad3918bb8ac63d75b331a201f44d
                                        • Opcode Fuzzy Hash: d7fadd1f47e14182309d534a303512349960b952d5888c60966e474d106db698
                                        • Instruction Fuzzy Hash: 4E5192B2A083446BDB14EF65EC8195FB7E4AF84708F041A2DF54597281DA31FE498BA3
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: wsprintf
                                        • String ID: %s_%.8x$%s_%.8x_%.8x
                                        • API String ID: 2111968516-1645394231
                                        • Opcode ID: 0405b5d426f4036f2c3308e5b2b6115633cdb98857cd8d7709fe3ccd18a40993
                                        • Instruction ID: c0987f46b1611264a9edd13067939602d4c3e098a4359fddb0d19e5bd3b46463
                                        • Opcode Fuzzy Hash: 0405b5d426f4036f2c3308e5b2b6115633cdb98857cd8d7709fe3ccd18a40993
                                        • Instruction Fuzzy Hash: CFF082B55003007BE224EB54DCC5FBB77A8EF88704F10490DB99457241E530F8158AE1
                                        APIs
                                          • Part of subcall function 04E302E0: RtlInitUnicodeString.NTDLL(?,00000000), ref: 04E302E9
                                        • RtlCompareUnicodeString.NTDLL(00000000,00000000,00000001), ref: 04E2A82C
                                        • RtlCompareUnicodeString.NTDLL(00000000,00000000,00000001), ref: 04E2A850
                                        • RtlCompareUnicodeString.NTDLL(00000000,00000000,00000001), ref: 04E2A8A9
                                        • RtlCompareUnicodeString.NTDLL(00000000,00000000,00000001), ref: 04E2A900
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: StringUnicode$Compare$Init
                                        • String ID:
                                        • API String ID: 3700283247-0
                                        • Opcode ID: d41b397db91e93055c209efbf6bad70c12dccf0f53b478854821b8bfd197dde1
                                        • Instruction ID: 7366f0a5fdc1060cf6c50321a15b785473f3f00fe98e93db5c5372c3320f6425
                                        • Opcode Fuzzy Hash: d41b397db91e93055c209efbf6bad70c12dccf0f53b478854821b8bfd197dde1
                                        • Instruction Fuzzy Hash: 845189762003119FD304DF19C884EAAB7A8FF88729F054A6DF8469B295DB30F945CBE1
                                        APIs
                                        • RtlDosPathNameToNtPathName_U.NTDLL(?,00000000,00000000,00000000), ref: 04DC8059
                                        • SetLastError.KERNEL32(00000003), ref: 04DC80B1
                                        • SetLastError.KERNEL32(00000032), ref: 04DC80E3
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: ErrorLastPath$NameName_
                                        • String ID:
                                        • API String ID: 2460001642-0
                                        • Opcode ID: 013368798e6a89929c55b1d929e7401f4bfbf92fd407d65f5a73509a02cc0cf4
                                        • Instruction ID: e7cff861f5dbf623cea6d8a7e8f370119471872abe94748face6ae810e765b20
                                        • Opcode Fuzzy Hash: 013368798e6a89929c55b1d929e7401f4bfbf92fd407d65f5a73509a02cc0cf4
                                        • Instruction Fuzzy Hash: 965117352043029FD315EB64C894EABB7E9BFC8745F10491DF586872A4EB30F945CBA2
                                        APIs
                                        • GetCurrentProcess.KERNEL32 ref: 09A1A1CE
                                        • GetCurrentThread.KERNEL32 ref: 09A1A20B
                                        • GetCurrentProcess.KERNEL32 ref: 09A1A248
                                        • GetCurrentThreadId.KERNEL32 ref: 09A1A2A1
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2778951509.0000000009A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A10000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_9a10000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Current$ProcessThread
                                        • String ID:
                                        • API String ID: 2063062207-0
                                        • Opcode ID: 5d90ce8b9c07645cd3abceba6832e2e424617ac955d9755aebf1a9da1ac0899e
                                        • Instruction ID: b83866166752e91b16a9ffee3c1997a55bbb3ef789f604fb5940fe39db40d827
                                        • Opcode Fuzzy Hash: 5d90ce8b9c07645cd3abceba6832e2e424617ac955d9755aebf1a9da1ac0899e
                                        • Instruction Fuzzy Hash: 845178B1901349CFDB14CFA9DA48B9EBBF1EF88314F248459E409A7360D735A944CF65
                                        APIs
                                        • GetTickCount.KERNEL32 ref: 04E8E5D9
                                        • InterlockedIncrement.KERNEL32(04EC8954), ref: 04E8E5F8
                                        • InterlockedCompareExchange.KERNEL32(00000000,?,00000000), ref: 04E8E605
                                        • GetTickCount.KERNEL32 ref: 04E8E61D
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: CountInterlockedTick$CompareExchangeIncrement
                                        • String ID:
                                        • API String ID: 2541844095-0
                                        • Opcode ID: a36733f8b765f250d1d948b1b52a3398ffcea9422acbd0017c7db41c13abdc2e
                                        • Instruction ID: aa876c7012e92db761b5199b470b43be8a748e08f8d0bca773e04a520375f477
                                        • Opcode Fuzzy Hash: a36733f8b765f250d1d948b1b52a3398ffcea9422acbd0017c7db41c13abdc2e
                                        • Instruction Fuzzy Hash: DF11E3326443109BDE24AF39E904AAB779AEB81265F04591FE55AC31C0FB25F8059A60
                                        APIs
                                        • CloseHandle.KERNEL32(00000000), ref: 04E087FD
                                        • CloseHandle.KERNEL32(?), ref: 04E088E3
                                        • CloseHandle.KERNEL32(00000000,?,?,FFFFFFFF), ref: 04E08915
                                        • CloseHandle.KERNEL32(?), ref: 04E08930
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: CloseHandle
                                        • String ID:
                                        • API String ID: 2962429428-0
                                        • Opcode ID: c7b5e9002ea6d9c8fe7ecf4bcf6ec96410a1d9c8eff4facb36cebc75cd6d8eec
                                        • Instruction ID: 5b1c888a1e8b6d5a679571f8c6faf7d7d0a3eb96f32634f4a2a20d341b5dcec2
                                        • Opcode Fuzzy Hash: c7b5e9002ea6d9c8fe7ecf4bcf6ec96410a1d9c8eff4facb36cebc75cd6d8eec
                                        • Instruction Fuzzy Hash: CE51C2717042009BE720EBA4CC94FABB3D8AF84768F544919F969D71D0EB70F944CBA2
                                        APIs
                                        • lstrlenW.KERNEL32(?,?), ref: 04E520BF
                                        • lstrlenW.KERNEL32(?,?), ref: 04E520F4
                                        • lstrlenW.KERNEL32(?), ref: 04E52133
                                        • lstrlenW.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 04E52163
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: lstrlen
                                        • String ID:
                                        • API String ID: 1659193697-0
                                        • Opcode ID: 323bce7a8797d79b268e8d4fe7f1aec5eb93bb1053c5e4db65e0d086bf0cf0d4
                                        • Instruction ID: ab8f3f4f946ff4e19b28bc21937c3b3c83691525e11bce3971a789ac97f91330
                                        • Opcode Fuzzy Hash: 323bce7a8797d79b268e8d4fe7f1aec5eb93bb1053c5e4db65e0d086bf0cf0d4
                                        • Instruction Fuzzy Hash: 84416E712042406FE724EB69CD40F7BB3E9AFC8654F009A5CFA5AC7250EB70F9018B66
                                        APIs
                                        • GetProcessHeap.KERNEL32(00000000,0097E7E8), ref: 04E8E464
                                        • HeapFree.KERNEL32(00000000), ref: 04E8E467
                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 04E8E493
                                        • HeapAlloc.KERNEL32(00000000), ref: 04E8E496
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2761441462.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: true
                                        • Associated: 00000009.00000002.2761441462.0000000004EC4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000009.00000002.2761441462.0000000004ECA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_4dc0000_LisectAVT_2403002B_286_Update.jbxd
                                        Similarity
                                        • API ID: Heap$Process$AllocFree
                                        • String ID:
                                        • API String ID: 756756679-0
                                        • Opcode ID: 90675c6d3f5bc08d92284f0e67e64c97ecae745f54f4ab18e6df41753737d1a1
                                        • Instruction ID: d7fb6001559de17d4cbb04396873dca762e99a80601139a4981f91a9af45a561
                                        • Opcode Fuzzy Hash: 90675c6d3f5bc08d92284f0e67e64c97ecae745f54f4ab18e6df41753737d1a1
                                        • Instruction Fuzzy Hash: 3B11C2726011109FDB64BF6ADC45F677368FF9470AF08842DE40DCB288D678A8818BA0