Windows Analysis Report
25XrVZw56S.exe

Overview

General Information

Sample name: 25XrVZw56S.exe (renamed because original name is a hash value)
Original sample name: 6ba07e3e540b3a47a2a136c0320e55b4ba6e388241e7408ebee798c92ae324d9.exe
Analysis ID: 1530008
MD5: d2965931e5463a26443a022b95edf5d4
SHA1: 6bfde34ce3d9ef20f5265ff5045fd2411a9f3655
SHA256: 6ba07e3e540b3a47a2a136c0320e55b4ba6e388241e7408ebee798c92ae324d9
Tags: exe, user-adrian__luca

Detection

Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to resolve many domain names, but no domain seems valid
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Connects to many different domains
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to enumerate running services
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Executes massive DNS lookups (> 100)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

  • System is w10x64
  • 25XrVZw56S.exe (PID: 7072 cmdline: "C:\Users\user\Desktop\25XrVZw56S.exe" MD5: D2965931E5463A26443A022B95EDF5D4)
    • mt2o4nrsazl5davsv.exe (PID: 7120 cmdline: "C:\bamqdjw\mt2o4nrsazl5davsv.exe" MD5: D2965931E5463A26443A022B95EDF5D4)
      • erewpegtq.exe (PID: 5932 cmdline: "C:\bamqdjw\erewpegtq.exe" MD5: D2965931E5463A26443A022B95EDF5D4)
      • conhost.exe (PID: 2688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • erewpegtq.exe (PID: 5772 cmdline: C:\bamqdjw\erewpegtq.exe MD5: D2965931E5463A26443A022B95EDF5D4)
    • czmruiag.exe (PID: 2200 cmdline: ulazkbbwltmi "c:\bamqdjw\erewpegtq.exe" MD5: D2965931E5463A26443A022B95EDF5D4)
      • erewpegtq.exe (PID: 600 cmdline: "c:\bamqdjw\erewpegtq.exe" MD5: D2965931E5463A26443A022B95EDF5D4)
        • czmruiag.exe (PID: 4296 cmdline: ulazkbbwltmi "c:\bamqdjw\erewpegtq.exe" MD5: D2965931E5463A26443A022B95EDF5D4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-09T16:27:22.078360+0200 | 2018141 | 1 | A Network Trojan was detected | 54.244.188.177 | 80 | 192.168.2.4 | 49730 | TCP
2024-10-09T16:28:52.061806+0200 | 2018141 | 1 | A Network Trojan was detected | 34.218.204.173 | 80 | 192.168.2.4 | 50467 | TCP
2024-10-09T16:27:22.078360+0200 | 2037771 | 1 | A Network Trojan was detected | 54.244.188.177 | 80 | 192.168.2.4 | 49730 | TCP
2024-10-09T16:28:52.061806+0200 | 2037771 | 1 | A Network Trojan was detected | 34.218.204.173 | 80 | 192.168.2.4 | 50467 | TCP
2024-10-09T16:27:22.372050+0200 | 2811542 | 1 | A Network Trojan was detected | 1.1.1.1 | 53 | 192.168.2.4 | 64469 | UDP
2024-10-09T16:28:49.643108+0200 | 2811542 | 1 | A Network Trojan was detected | 1.1.1.1 | 53 | 192.168.2.4 | 52475 | UDP
2024-10-09T16:27:22.073475+0200 | 2815568 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 54.244.188.177 | 80 | TCP
2024-10-09T16:28:39.802352+0200 | 2815568 | 1 | A Network Trojan was detected | 192.168.2.4 | 50397 | 54.244.188.177 | 80 | TCP
2024-10-09T16:27:22.073475+0200 | 2820680 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 54.244.188.177 | 80 | TCP
2024-10-09T16:28:39.802352+0200 | 2820680 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50397 | 54.244.188.177 | 80 | TCP

AV Detection

Source: 25XrVZw56S.exe, Avira: detected
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe, Avira: detection malicious, Label: HEUR/AGEN.1318777
Source: C:\bamqdjw\czmruiag.exe, Avira: detection malicious, Label: HEUR/AGEN.1318777
Source: C:\bamqdjw\erewpegtq.exe, Avira: detection malicious, Label: HEUR/AGEN.1318777
Source: C:\bamqdjw\czmruiag.exe, ReversingLabs: Detection: 89%
Source: C:\bamqdjw\erewpegtq.exe, ReversingLabs: Detection: 89%
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe, ReversingLabs: Detection: 89%
Source: 25XrVZw56S.exe, ReversingLabs: Detection: 89%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.3% probability
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe, Joe Sandbox ML: detected
Source: C:\bamqdjw\czmruiag.exe, Joe Sandbox ML: detected
Source: C:\bamqdjw\erewpegtq.exe, Joe Sandbox ML: detected
Source: 25XrVZw56S.exe, Joe Sandbox ML: detected
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe, Code function: 1_2_00CE67C0 GetProcAddress,GetProcAddress,CryptAcquireContextA,CryptGenRandom,_rand,_rand,_rand,_rand,1_2_00CE67C0
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe, Code function: 1_2_00D12AF4 _LocaleUpdate::_LocaleUpdate,__isleadbyte_l,CryptAcquireContextA,MultiByteToWideChar,CryptAcquireContextA,MultiByteToWideChar,1_2_00D12AF4
Source: C:\bamqdjw\erewpegtq.exe, Code function: 2_2_00CA67C0 GetProcAddress,GetProcAddress,CryptAcquireContextA,CryptGenRandom,_rand,_rand,_rand,_rand,2_2_00CA67C0
Source: 25XrVZw56S.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 25XrVZw56S.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\25XrVZw56S.exe, Code function: 0_2_00FC0E80 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,0_2_00FC0E80
Source: C:\Users\user\Desktop\25XrVZw56S.exe, Code function: 0_2_00FF1938 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,GetDriveTypeW,_free,___loctotime32_t,_free,__fstat32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,0_2_00FF1938
Source: C:\Users\user\Desktop\25XrVZw56S.exe, Code function: 0_2_00FE2C21 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,0_2_00FE2C21
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe, Code function: 1_2_00D11938 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,GetDriveTypeW,_free,___loctotime32_t,_free,__fstat32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,1_2_00D11938
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe, Code function: 1_2_00D02C21 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,1_2_00D02C21
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe, Code function: 1_2_00CE0E80 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,1_2_00CE0E80
Source: C:\bamqdjw\erewpegtq.exe, Code function: 2_2_00CA0E80 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,2_2_00CA0E80
Source: C:\bamqdjw\erewpegtq.exe, Code function: 2_2_00CD1938 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime32_t,_free,__sopen_s,__fstat32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,2_2_00CD1938
Source: C:\bamqdjw\erewpegtq.exe, Code function: 2_2_00CC2C21 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__sopen_s,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,2_2_00CC2C21
Source: C:\bamqdjw\czmruiag.exe, Code function: 3_2_001B2C21 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,3_2_001B2C21
Source: C:\bamqdjw\czmruiag.exe, Code function: 3_2_001C1938 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime32_t,_free,__fstat32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,3_2_001C1938
Source: C:\bamqdjw\czmruiag.exe, Code function: 3_2_00190E80 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,3_2_00190E80
Source: C:\bamqdjw\czmruiag.exe, Code function: 9_2_001C2C21 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,9_2_001C2C21
Source: C:\bamqdjw\czmruiag.exe, Code function: 9_2_001D1938 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime32_t,_free,__fstat32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,9_2_001D1938
Source: C:\bamqdjw\czmruiag.exe, Code function: 9_2_001A0E80 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,9_2_001A0E80

Networking

Source: Network traffic, Suricata IDS: 2815568 - Severity 1 - ETPRO MALWARE Terse HTTP 1.0 Request Possible Nivdort : 192.168.2.4:49730 -> 54.244.188.177:80
Source: Network traffic, Suricata IDS: 2820680 - Severity 1 - ETPRO MALWARE W32/Bayrob Attempted Checkin 2 : 192.168.2.4:49730 -> 54.244.188.177:80
Source: Network traffic, Suricata IDS: 2811542 - Severity 1 - ETPRO MALWARE Possible Tinba DGA NXDOMAIN Responses (net) : 1.1.1.1:53 -> 192.168.2.4:64469
Source: Network traffic, Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 54.244.188.177:80 -> 192.168.2.4:49730
Source: Network traffic, Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 54.244.188.177:80 -> 192.168.2.4:49730
Source: Network traffic, Suricata IDS: 2815568 - Severity 1 - ETPRO MALWARE Terse HTTP 1.0 Request Possible Nivdort : 192.168.2.4:50397 -> 54.244.188.177:80
Source: Network traffic, Suricata IDS: 2820680 - Severity 1 - ETPRO MALWARE W32/Bayrob Attempted Checkin 2 : 192.168.2.4:50397 -> 54.244.188.177:80
Source: Network traffic, Suricata IDS: 2811542 - Severity 1 - ETPRO MALWARE Possible Tinba DGA NXDOMAIN Responses (net) : 1.1.1.1:53 -> 192.168.2.4:52475
Source: Network traffic, Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 34.218.204.173:80 -> 192.168.2.4:50467
Source: Network traffic, Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 34.218.204.173:80 -> 192.168.2.4:50467
Source: unknown, Network traffic detected: DNS query count 116
Source: global traffic, DNS traffic detected: number of DNS queries: 116
Source: global traffic, HTTP traffic detected: GET /index.php HTTP/1.0 | Accept: */* | Connection: close | Host: returnneedle.net
Source: global traffic, HTTP traffic detected: GET /index.php HTTP/1.0 | Accept: */* | Connection: close | Host: forwardcompany.net
Source: global traffic, HTTP traffic detected: GET /index.php HTTP/1.0 | Accept: */* | Connection: close | Host: glasscompany.net
Source: global traffic, HTTP traffic detected: GET /index.php HTTP/1.0 | Accept: */* | Connection: close | Host: pleasantcover.net
Source: global traffic, HTTP traffic detected: GET /index.php HTTP/1.0 | Accept: */* | Connection: close | Host: ordercompany.net
Source: global traffic, HTTP traffic detected: GET /index.php HTTP/1.0 | Accept: */* | Connection: close | Host: leadercompany.net
Source: global traffic, HTTP traffic detected: GET /index.php HTTP/1.0 | Accept: */* | Connection: close | Host: heavycover.net
Source: global traffic, HTTP traffic detected: GET /index.php HTTP/1.0 | Accept: */* | Connection: close | Host: gentlecompany.net
Source: Joe Sandbox View, IP Address: 34.218.204.173
Source: Joe Sandbox View, IP Address: 210.157.78.4
Source: Joe Sandbox View, ASN Name: AMAZON-02US
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\25XrVZw56S.exe, Code function: 0_2_00FBA5B0 __snprintf,socket,setsockopt,gethostbyname,inet_ntoa,inet_addr,htons,connect,send,recv,closesocket,0_2_00FBA5B0
Source: global trafficHTTP traffic detected: GET /index.php HTTP/1.0Accept: */*Connection: closeHost: returnneedle.net
Source: global trafficHTTP traffic detected: GET /index.php HTTP/1.0Accept: */*Connection: closeHost: forwardcompany.net
Source: global trafficHTTP traffic detected: GET /index.php HTTP/1.0Accept: */*Connection: closeHost: glasscompany.net
Source: global trafficHTTP traffic detected: GET /index.php HTTP/1.0Accept: */*Connection: closeHost: pleasantcover.net
Source: global trafficHTTP traffic detected: GET /index.php HTTP/1.0Accept: */*Connection: closeHost: ordercompany.net
Source: global trafficHTTP traffic detected: GET /index.php HTTP/1.0Accept: */*Connection: closeHost: leadercompany.net
Source: global trafficHTTP traffic detected: GET /index.php HTTP/1.0Accept: */*Connection: closeHost: heavycover.net
Source: global trafficHTTP traffic detected: GET /index.php HTTP/1.0Accept: */*Connection: closeHost: gentlecompany.net
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 09 Oct 2024 14:28:55 GMTContent-Type: text/htmlContent-Length: 2814Connection: closeVary: Accept-EncodingLast-Modified: Thu, 22 Apr 2021 10:24:00 GMTETag: "afe-5c08d13eb1b03"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 09 Oct 2024 14:29:05 GMTContent-Type: text/htmlContent-Length: 2814Connection: closeVary: Accept-EncodingLast-Modified: Thu, 22 Apr 2021 10:24:00 GMTETag: "afe-5c08d13eb1b03"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 09 Oct 2024 14:29:16 GMTContent-Type: text/htmlContent-Length: 2814Connection: closeVary: Accept-EncodingLast-Modified: Thu, 22 Apr 2021 10:24:00 GMTETag: "afe-5c08d13eb1b03"
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Wed, 09 Oct 2024 14:29:20 GMTContent-Type: text/htmlContent-Length: 7825Connection: closeVary: Accept-EncodingLast-Modified: Thu, 07 Mar 2019 09:08:00 GMTETag: "1e91-5837d7168cbbf"
Source: erewpegtq.exe, 00000008.00000002.2941723598.0000000001D7D000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://gentlecompany.net/index.php
Source: erewpegtq.exe, 00000002.00000002.2455125863.00000000014AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
Source: C:\Users\user\Desktop\25XrVZw56S.exeFile created: C:\Windows\bamqdjw\
Source: C:\Users\user\Desktop\25XrVZw56S.exeFile created: C:\Windows\bamqdjw\txadnumgtelp
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeFile created: C:\Windows\bamqdjw\txadnumgtelp
Source: C:\bamqdjw\erewpegtq.exeFile created: C:\Windows\bamqdjw\txadnumgtelp
Source: C:\bamqdjw\czmruiag.exeFile created: C:\Windows\bamqdjw\txadnumgtelp
Source: C:\Users\user\Desktop\25XrVZw56S.exeFile deleted: C:\Windows\bamqdjw\txadnumgtelp
Source: C:\bamqdjw\czmruiag.exeCode function: 3_2_001AFE903_2_001AFE90
Source: C:\bamqdjw\czmruiag.exeCode function: 3_2_00183EE03_2_00183EE0
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001AE9C09_2_001AE9C0
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001BC0649_2_001BC064
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001D61D59_2_001D61D5
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001C51F39_2_001C51F3
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001E31EA9_2_001E31EA
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001C42959_2_001C4295
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001DC2819_2_001DC281
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001E53319_2_001E5331
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001BA3DF9_2_001BA3DF
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001C64239_2_001C6423
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001BC4999_2_001BC499
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001DD50F9_2_001DD50F
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001A96309_2_001A9630
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001B96809_2_001B9680
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001E16D09_2_001E16D0
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001BB7589_2_001BB758
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001C37D09_2_001C37D0
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001C97D39_2_001C97D3
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001DC7F39_2_001DC7F3
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001A98B99_2_001A98B9
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001BC8CE9_2_001BC8CE
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001D4A139_2_001D4A13
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001BBC4C9_2_001BBC4C
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001DBD169_2_001DBD16
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001BFE909_2_001BFE90
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_00193EE09_2_00193EE0
Source: C:\bamqdjw\czmruiag.exeCode function: String function: 001C0697 appears 42 times
Source: C:\bamqdjw\czmruiag.exeCode function: String function: 001BFDF0 appears 62 times
Source: C:\bamqdjw\czmruiag.exeCode function: String function: 001AFDF0 appears 62 times
Source: C:\bamqdjw\czmruiag.exeCode function: String function: 001B0697 appears 42 times
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeCode function: String function: 00D00697 appears 42 times
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeCode function: String function: 00CFFDF0 appears 62 times
Source: C:\bamqdjw\erewpegtq.exeCode function: String function: 00CC0697 appears 42 times
Source: C:\bamqdjw\erewpegtq.exeCode function: String function: 00CBFDF0 appears 62 times
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: String function: 00FDFDF0 appears 62 times
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: String function: 00FE0697 appears 42 times
Source: 25XrVZw56S.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engineClassification label: mal96.troj.evad.winEXE@13/6@408/9
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: OpenSCManagerA,CreateServiceA,ChangeServiceConfig2A,StartServiceA,CloseServiceHandle,OpenServiceA,StartServiceA,CloseServiceHandle,CloseServiceHandle,0_2_00FC8DE0
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeCode function: OpenSCManagerA,CreateServiceA,ChangeServiceConfig2A,StartServiceA,CloseServiceHandle,OpenServiceA,StartServiceA,CloseServiceHandle,CloseServiceHandle,1_2_00CE8DE0
Source: C:\bamqdjw\erewpegtq.exeCode function: OpenSCManagerA,CreateServiceA,ChangeServiceConfig2A,StartServiceA,CloseServiceHandle,OpenServiceA,StartServiceA,CloseServiceHandle,CloseServiceHandle,2_2_00CA8DE0
Source: C:\bamqdjw\czmruiag.exeCode function: OpenSCManagerA,CreateServiceA,ChangeServiceConfig2A,StartServiceA,CloseServiceHandle,OpenServiceA,StartServiceA,CloseServiceHandle,CloseServiceHandle,3_2_00198DE0
Source: C:\bamqdjw\czmruiag.exeCode function: OpenSCManagerA,CreateServiceA,ChangeServiceConfig2A,StartServiceA,CloseServiceHandle,OpenServiceA,StartServiceA,CloseServiceHandle,CloseServiceHandle,9_2_001A8DE0
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FC6030 CreateToolhelp32Snapshot,Process32First,__snprintf,CreateToolhelp32Snapshot,Module32First,CloseHandle,Process32Next,CloseHandle,0_2_00FC6030
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FCD5E0 StartServiceCtrlDispatcherA,0_2_00FCD5E0
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeCode function: 1_2_00CED5E0 StartServiceCtrlDispatcherA,1_2_00CED5E0
Source: C:\bamqdjw\erewpegtq.exeCode function: 2_2_00CAD5E0 StartServiceCtrlDispatcherA,2_2_00CAD5E0
Source: C:\bamqdjw\czmruiag.exeCode function: 3_2_0019D5E0 StartServiceCtrlDispatcherA,3_2_0019D5E0
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001AD5E0 StartServiceCtrlDispatcherA,9_2_001AD5E0
Source: C:\bamqdjw\czmruiag.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:2688:120:WilError_03
Source: 25XrVZw56S.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\25XrVZw56S.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: 25XrVZw56S.exeReversingLabs: Detection: 89%
Source: C:\Users\user\Desktop\25XrVZw56S.exeFile read: C:\Users\user\Desktop\25XrVZw56S.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\25XrVZw56S.exe "C:\Users\user\Desktop\25XrVZw56S.exe"
Source: C:\Users\user\Desktop\25XrVZw56S.exeProcess created: C:\bamqdjw\mt2o4nrsazl5davsv.exe "C:\bamqdjw\mt2o4nrsazl5davsv.exe"
Source: unknownProcess created: C:\bamqdjw\erewpegtq.exe C:\bamqdjw\erewpegtq.exe
Source: C:\bamqdjw\erewpegtq.exeProcess created: C:\bamqdjw\czmruiag.exe ulazkbbwltmi "c:\bamqdjw\erewpegtq.exe"
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeProcess created: C:\bamqdjw\erewpegtq.exe "C:\bamqdjw\erewpegtq.exe"
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\bamqdjw\czmruiag.exeProcess created: C:\bamqdjw\erewpegtq.exe "c:\bamqdjw\erewpegtq.exe"
Source: C:\bamqdjw\erewpegtq.exeProcess created: C:\bamqdjw\czmruiag.exe ulazkbbwltmi "c:\bamqdjw\erewpegtq.exe"
Source: C:\Users\user\Desktop\25XrVZw56S.exeProcess created: C:\bamqdjw\mt2o4nrsazl5davsv.exe "C:\bamqdjw\mt2o4nrsazl5davsv.exe"Jump to behavior
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeProcess created: C:\bamqdjw\erewpegtq.exe "C:\bamqdjw\erewpegtq.exe"Jump to behavior
Source: C:\bamqdjw\erewpegtq.exeProcess created: C:\bamqdjw\czmruiag.exe ulazkbbwltmi "c:\bamqdjw\erewpegtq.exe"Jump to behavior
Source: C:\bamqdjw\czmruiag.exeProcess created: C:\bamqdjw\erewpegtq.exe "c:\bamqdjw\erewpegtq.exe"Jump to behavior
Source: C:\bamqdjw\erewpegtq.exeProcess created: C:\bamqdjw\czmruiag.exe ulazkbbwltmi "c:\bamqdjw\erewpegtq.exe"Jump to behavior
Source: C:\Users\user\Desktop\25XrVZw56S.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\25XrVZw56S.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\25XrVZw56S.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\25XrVZw56S.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\25XrVZw56S.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\25XrVZw56S.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\25XrVZw56S.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\25XrVZw56S.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\25XrVZw56S.exeSection loaded: wintypes.dllJump to behavior
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeSection loaded: apphelp.dllJump to behavior
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeSection loaded: sspicli.dllJump to behavior
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeSection loaded: userenv.dllJump to behavior
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeSection loaded: profapi.dllJump to behavior
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\bamqdjw\erewpegtq.exeSection loaded: apphelp.dllJump to behavior
Source: C:\bamqdjw\erewpegtq.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\bamqdjw\erewpegtq.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\bamqdjw\erewpegtq.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\bamqdjw\erewpegtq.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\bamqdjw\erewpegtq.exeSection loaded: sspicli.dllJump to behavior
Source: C:\bamqdjw\erewpegtq.exeSection loaded: profapi.dllJump to behavior
Source: C:\bamqdjw\erewpegtq.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\bamqdjw\erewpegtq.exeSection loaded: mswsock.dllJump to behavior
Source: C:\bamqdjw\erewpegtq.exeSection loaded: napinsp.dllJump to behavior
Source: C:\bamqdjw\erewpegtq.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\bamqdjw\erewpegtq.exeSection loaded: wshbth.dllJump to behavior
Source: C:\bamqdjw\erewpegtq.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\bamqdjw\erewpegtq.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\bamqdjw\erewpegtq.exeSection loaded: winrnr.dllJump to behavior
Source: C:\bamqdjw\erewpegtq.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\bamqdjw\erewpegtq.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\bamqdjw\czmruiag.exeSection loaded: apphelp.dllJump to behavior
Source: 25XrVZw56S.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FCE9C0 _malloc,_memset,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetEnvironmentVariableA,CreateMutexA,CreateMutexA,CreateMutexA,GetTickCount,__itow,GetCommandLineA,__stat32i64,Sleep,__stat32i64,Sleep,__stat32i64,GetModuleFileNameA,SetFileAttributesA,CopyFileA,SetFileAttributesA,SetFileAttributesA,Sleep,GetCommandLi
neA,GetModuleFileNameA,LoadLibraryA,GetProcAddress,MessageBoxA,WSAStartup,CloseHandle,SetFileAttributesA,CopyFileA,SetFileAttributesA,Sleep,Sleep,SetFileAttributesA,CopyFileA,SetFileAttributesA,__snprintf,_memset,_memset,CreateThread,Sleep,0_2_00FCE9C0
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FEA064 push edi; ret 0_2_00FEA068
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FEA189 push esi; ret 0_2_00FEA18D
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FDF3DF push ecx; ret 0_2_00FDF3F2
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FE88F2 push edi; ret 0_2_00FE88F4
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FE89FA push esi; ret 0_2_00FE8A0D
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FE8BE6 push esi; ret 0_2_00FE8BE8
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FE9B9F push edi; ret 0_2_00FE9BA5
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FE9B75 push esi; ret 0_2_00FE9B79
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FE8CCF push edi; ret 0_2_00FE8CD1
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FDFE35 push ecx; ret 0_2_00FDFE48
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeCode function: 1_2_00CFF3DF push ecx; ret 1_2_00CFF3F2
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeCode function: 1_2_00CFFE35 push ecx; ret 1_2_00CFFE48
Source: C:\bamqdjw\erewpegtq.exeCode function: 2_2_00CBF3DF push ecx; ret 2_2_00CBF3F2
Source: C:\bamqdjw\erewpegtq.exeCode function: 2_2_00CBFE35 push ecx; ret 2_2_00CBFE48
Source: C:\bamqdjw\czmruiag.exeCode function: 3_2_001AF3DF push ecx; ret 3_2_001AF3F2
Source: C:\bamqdjw\czmruiag.exeCode function: 3_2_001AFE35 push ecx; ret 3_2_001AFE48
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001BF3DF push ecx; ret 9_2_001BF3F2
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001BFE35 push ecx; ret 9_2_001BFE48
Source: C:\bamqdjw\erewpegtq.exeFile created: C:\bamqdjw\czmruiag.exeJump to dropped file
Source: C:\Users\user\Desktop\25XrVZw56S.exeFile created: C:\bamqdjw\mt2o4nrsazl5davsv.exeJump to dropped file
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeFile created: C:\bamqdjw\erewpegtq.exeJump to dropped file
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: OpenSCManagerA,EnumServicesStatusA,GetLastError,_malloc,EnumServicesStatusA,__snprintf,_free,CloseServiceHandle,0_2_00FCC5C0
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeCode function: OpenSCManagerA,EnumServicesStatusA,GetLastError,_malloc,EnumServicesStatusA,__snprintf,_free,CloseServiceHandle,1_2_00CEC5C0
Source: C:\bamqdjw\erewpegtq.exeCode function: OpenSCManagerA,EnumServicesStatusA,GetLastError,_malloc,EnumServicesStatusA,__snprintf,_free,CloseServiceHandle,2_2_00CAC5C0
Source: C:\bamqdjw\czmruiag.exeCode function: OpenSCManagerA,EnumServicesStatusA,GetLastError,_malloc,EnumServicesStatusA,__snprintf,_free,CloseServiceHandle,3_2_0019C5C0
Source: C:\bamqdjw\czmruiag.exeCode function: OpenSCManagerA,EnumServicesStatusA,GetLastError,_malloc,EnumServicesStatusA,__snprintf,_free,CloseServiceHandle,9_2_001AC5C0
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeCode function: GetProcessHeap,LoadLibraryA,GetProcAddress,FreeLibrary,HeapAlloc,FreeLibrary,GetAdaptersInfo,HeapFree,HeapAlloc,FreeLibrary,GetAdaptersInfo,HeapFree,FreeLibrary,1_2_00CDE7A0
Source: C:\bamqdjw\erewpegtq.exeCode function: GetProcessHeap,LoadLibraryA,GetProcAddress,FreeLibrary,HeapAlloc,FreeLibrary,GetAdaptersInfo,HeapFree,HeapAlloc,FreeLibrary,GetAdaptersInfo,HeapFree,FreeLibrary,2_2_00C9E7A0
Source: C:\bamqdjw\czmruiag.exeWindow / User API: threadDelayed 861Jump to behavior
Source: C:\bamqdjw\czmruiag.exeWindow / User API: threadDelayed 1090Jump to behavior
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeEvaded block: after key decisiongraph_1-32559
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeEvaded block: after key decisiongraph_1-32597
Source: C:\bamqdjw\erewpegtq.exeEvaded block: after key decisiongraph_2-32724
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_1-33195
Source: C:\Users\user\Desktop\25XrVZw56S.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-33341
Source: C:\bamqdjw\erewpegtq.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_2-33819
Source: C:\bamqdjw\czmruiag.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_3-32855
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_1-31829
Source: C:\bamqdjw\czmruiag.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_3-31767
Source: C:\Users\user\Desktop\25XrVZw56S.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_0-32337
Source: C:\bamqdjw\erewpegtq.exe TID: 6396Thread sleep count: 320 > 30Jump to behavior
Source: C:\bamqdjw\erewpegtq.exe TID: 6396Thread sleep time: -711040s >= -30000sJump to behavior
Source: C:\bamqdjw\czmruiag.exe TID: 908Thread sleep count: 861 > 30Jump to behavior
Source: C:\bamqdjw\czmruiag.exe TID: 908Thread sleep time: -861000s >= -30000sJump to behavior
Source: C:\bamqdjw\czmruiag.exe TID: 908Thread sleep count: 1090 > 30Jump to behavior
Source: C:\bamqdjw\czmruiag.exe TID: 908Thread sleep time: -1090000s >= -30000sJump to behavior
Source: C:\bamqdjw\erewpegtq.exe TID: 1608Thread sleep count: 327 > 30Jump to behavior
Source: C:\bamqdjw\erewpegtq.exe TID: 1608Thread sleep time: -16350000s >= -30000sJump to behavior
Source: C:\bamqdjw\erewpegtq.exe TID: 1608Thread sleep time: -50000s >= -30000sJump to behavior
Source: C:\bamqdjw\czmruiag.exe TID: 5676Thread sleep count: 49 > 30Jump to behavior
Source: C:\bamqdjw\czmruiag.exe TID: 5676Thread sleep time: -49000s >= -30000sJump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\bamqdjw\erewpegtq.exeLast function: Thread delayed
Source: C:\bamqdjw\czmruiag.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FB7DE0 GetSystemTime followed by cmp: cmp dword ptr [ebp-08h], 15h and CTI: jnl 00FB7E94h0_2_00FB7DE0
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeCode function: 1_2_00CD7DE0 GetSystemTime followed by cmp: cmp dword ptr [ebp-08h], 15h and CTI: jnl 00CD7E94h1_2_00CD7DE0
Source: C:\bamqdjw\erewpegtq.exeCode function: 2_2_00C97DE0 GetSystemTime followed by cmp: cmp dword ptr [ebp-08h], 15h and CTI: jnl 00C97E94h2_2_00C97DE0
Source: C:\bamqdjw\czmruiag.exeCode function: 3_2_00187DE0 GetSystemTime followed by cmp: cmp dword ptr [ebp-08h], 15h and CTI: jnl 00187E94h3_2_00187DE0
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_00197DE0 GetSystemTime followed by cmp: cmp dword ptr [ebp-08h], 15h and CTI: jnl 00197E94h9_2_00197DE0
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FC0E80 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,0_2_00FC0E80
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FF1938 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,GetDriveTypeW,_free,___loctotime32_t,_free,__fstat32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,0_2_00FF1938
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FE2C21 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,0_2_00FE2C21
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeCode function: 1_2_00D11938 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,GetDriveTypeW,_free,___loctotime32_t,_free,__fstat32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,1_2_00D11938
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeCode function: 1_2_00D02C21 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,1_2_00D02C21
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeCode function: 1_2_00CE0E80 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,1_2_00CE0E80
Source: C:\bamqdjw\erewpegtq.exeCode function: 2_2_00CA0E80 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,2_2_00CA0E80
Source: C:\bamqdjw\erewpegtq.exeCode function: 2_2_00CD1938 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime32_t,_free,__sopen_s,__fstat32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,2_2_00CD1938
Source: C:\bamqdjw\erewpegtq.exeCode function: 2_2_00CC2C21 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__sopen_s,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,2_2_00CC2C21
Source: C:\bamqdjw\czmruiag.exeCode function: 3_2_001B2C21 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,3_2_001B2C21
Source: C:\bamqdjw\czmruiag.exeCode function: 3_2_001C1938 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime32_t,_free,__fstat32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,3_2_001C1938
Source: C:\bamqdjw\czmruiag.exeCode function: 3_2_00190E80 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,3_2_00190E80
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001C2C21 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,9_2_001C2C21
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001D1938 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime32_t,_free,__fstat32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,9_2_001D1938
Source: C:\bamqdjw\czmruiag.exeCode function: 9_2_001A0E80 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,9_2_001A0E80
Source: C:\bamqdjw\erewpegtq.exeThread delayed: delay time: 50000Jump to behavior
Source: mt2o4nrsazl5davsv.exe, 00000001.00000002.1704922696.0000000000A2E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<
Source: erewpegtq.exe, 00000008.00000002.2941268951.000000000138D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllWW'
Source: erewpegtq.exe, 00000002.00000002.2455125863.00000000014AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlld
Source: C:\Users\user\Desktop\25XrVZw56S.exeAPI call chain: ExitProcess graph end nodegraph_0-32338
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exeAPI call chain: ExitProcess graph end nodegraph_1-31830
Source: C:\bamqdjw\erewpegtq.exeAPI call chain: ExitProcess graph end nodegraph_2-32020
Source: C:\bamqdjw\czmruiag.exeAPI call chain: ExitProcess graph end nodegraph_3-31768
Source: C:\bamqdjw\czmruiag.exeAPI call chain: ExitProcess graph end node
Source: C:\bamqdjw\erewpegtq.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FE02E8 _memset,IsDebuggerPresent,0_2_00FE02E8
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FEE432 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00FEE432
Source: C:\Users\user\Desktop\25XrVZw56S.exeCode function: 0_2_00FCE9C0 _malloc,_memset,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetEnvironmentVariableA,CreateMutexA,CreateMutexA,CreateMutexA,GetTickCount,__itow,GetCommandLineA,__stat32i64,Sleep,__stat32i64,Sleep,__stat32i64,GetModuleFileNameA,SetFileAttributesA,CopyFileA,SetFileAttributesA,SetFileAttributesA,Sleep,GetCommandLi
neA,GetModuleFileNameA,LoadLibraryA,GetProcAddress,MessageBoxA,WSAStartup,CloseHandle,SetFileAttributesA,CopyFileA,SetFileAttributesA,Sleep,Sleep,SetFileAttributesA,CopyFileA,SetFileAttributesA,__snprintf,_memset,_memset,CreateThread,Sleep,0_2_00FCE9C0
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: 0_2_00FBE7A0 GetProcessHeap,LoadLibraryA,GetProcAddress,FreeLibrary,HeapAlloc,FreeLibrary,HeapFree,HeapAlloc,FreeLibrary,HeapFree,FreeLibrary,0_2_00FBE7A0
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: 0_2_00FE0CDC SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00FE0CDC
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: 0_2_00FE0CAB SetUnhandledExceptionFilter,0_2_00FE0CAB
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe Code function: 1_2_00D00CDC SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00D00CDC
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe Code function: 1_2_00D00CAB SetUnhandledExceptionFilter,1_2_00D00CAB
Source: C:\bamqdjw\erewpegtq.exe Code function: 2_2_00CC0CDC SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00CC0CDC
Source: C:\bamqdjw\erewpegtq.exe Code function: 2_2_00CC0CAB SetUnhandledExceptionFilter,2_2_00CC0CAB
Source: C:\bamqdjw\czmruiag.exe Code function: 3_2_001B0CAB SetUnhandledExceptionFilter,3_2_001B0CAB
Source: C:\bamqdjw\czmruiag.exe Code function: 3_2_001B0CDC SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_001B0CDC
Source: C:\bamqdjw\czmruiag.exe Code function: 9_2_001C0CAB SetUnhandledExceptionFilter,9_2_001C0CAB
Source: C:\bamqdjw\czmruiag.exe Code function: 9_2_001C0CDC SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_001C0CDC
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: 0_2_00FBA200 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00FBA200
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW,0_2_00FFE784
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: EnumSystemLocalesW,0_2_00FFE9F8
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: IsProcessorFeaturePresent,___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,0_2_00FDF99D
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: _GetPrimaryLen,EnumSystemLocalesW,0_2_00FFEAD1
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: _GetPrimaryLen,EnumSystemLocalesW,0_2_00FFEA54
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,0_2_00FFEB54
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,0_2_00FFED49
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_00FEDD22
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00FFEE73
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,0_2_00FFEFF4
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: GetLocaleInfoW,0_2_00FEDF89
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: GetLocaleInfoW,_GetPrimaryLen,0_2_00FFEF20
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: EnumSystemLocalesW,0_2_00FEDF03
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW,1_2_00D1E784
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,1_2_00CFF9CE
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe Code function: EnumSystemLocalesW,1_2_00D1E9F8
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe Code function: _GetPrimaryLen,EnumSystemLocalesW,1_2_00D1EAD1
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe Code function: _GetPrimaryLen,EnumSystemLocalesW,1_2_00D1EA54
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,1_2_00D1EB54
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,1_2_00D1ED49
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,1_2_00D0DD22
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_00D1EE73
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,1_2_00D1EFF4
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe Code function: GetLocaleInfoW,1_2_00D0DF89
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe Code function: EnumSystemLocalesW,1_2_00D0DF03
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe Code function: GetLocaleInfoW,_GetPrimaryLen,1_2_00D1EF20
Source: C:\bamqdjw\erewpegtq.exe Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW,2_2_00CDE784
Source: C:\bamqdjw\erewpegtq.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,2_2_00CBF9CE
Source: C:\bamqdjw\erewpegtq.exe Code function: EnumSystemLocalesW,2_2_00CDE9F8
Source: C:\bamqdjw\erewpegtq.exe Code function: _GetPrimaryLen,EnumSystemLocalesW,2_2_00CDEAD1
Source: C:\bamqdjw\erewpegtq.exe Code function: _GetPrimaryLen,EnumSystemLocalesW,2_2_00CDEA54
Source: C:\bamqdjw\erewpegtq.exe Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,2_2_00CDEB54
Source: C:\bamqdjw\erewpegtq.exe Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,2_2_00CDED49
Source: C:\bamqdjw\erewpegtq.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,2_2_00CCDD22
Source: C:\bamqdjw\erewpegtq.exe Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_00CDEE73
Source: C:\bamqdjw\erewpegtq.exe Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,2_2_00CDEFF4
Source: C:\bamqdjw\erewpegtq.exe Code function: GetLocaleInfoW,2_2_00CCDF89
Source: C:\bamqdjw\erewpegtq.exe Code function: EnumSystemLocalesW,2_2_00CCDF03
Source: C:\bamqdjw\erewpegtq.exe Code function: GetLocaleInfoW,_GetPrimaryLen,2_2_00CDEF20
Source: C:\bamqdjw\czmruiag.exe Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW,3_2_001CE784
Source: C:\bamqdjw\czmruiag.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,3_2_001AF9CE
Source: C:\bamqdjw\czmruiag.exe Code function: EnumSystemLocalesW,3_2_001CE9F8
Source: C:\bamqdjw\czmruiag.exe Code function: _GetPrimaryLen,EnumSystemLocalesW,3_2_001CEA54
Source: C:\bamqdjw\czmruiag.exe Code function: _GetPrimaryLen,EnumSystemLocalesW,3_2_001CEAD1
Source: C:\bamqdjw\czmruiag.exe Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,3_2_001CEB54
Source: C:\bamqdjw\czmruiag.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,3_2_001BDD22
Source: C:\bamqdjw\czmruiag.exe Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,3_2_001CED49
Source: C:\bamqdjw\czmruiag.exe Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_001CEE73
Source: C:\bamqdjw\czmruiag.exe Code function: EnumSystemLocalesW,3_2_001BDF03
Source: C:\bamqdjw\czmruiag.exe Code function: GetLocaleInfoW,_GetPrimaryLen,3_2_001CEF20
Source: C:\bamqdjw\czmruiag.exe Code function: GetLocaleInfoW,3_2_001BDF89
Source: C:\bamqdjw\czmruiag.exe Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,3_2_001CEFF4
Source: C:\bamqdjw\czmruiag.exe Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW,9_2_001DE784
Source: C:\bamqdjw\czmruiag.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,9_2_001BF9CE
Source: C:\bamqdjw\czmruiag.exe Code function: EnumSystemLocalesW,9_2_001DE9F8
Source: C:\bamqdjw\czmruiag.exe Code function: _GetPrimaryLen,EnumSystemLocalesW,9_2_001DEA54
Source: C:\bamqdjw\czmruiag.exe Code function: _GetPrimaryLen,EnumSystemLocalesW,9_2_001DEAD1
Source: C:\bamqdjw\czmruiag.exe Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,9_2_001DEB54
Source: C:\bamqdjw\czmruiag.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,9_2_001CDD22
Source: C:\bamqdjw\czmruiag.exe Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,9_2_001DED49
Source: C:\bamqdjw\czmruiag.exe Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,9_2_001DEE73
Source: C:\bamqdjw\czmruiag.exe Code function: EnumSystemLocalesW,9_2_001CDF03
Source: C:\bamqdjw\czmruiag.exe Code function: GetLocaleInfoW,_GetPrimaryLen,9_2_001DEF20
Source: C:\bamqdjw\czmruiag.exe Code function: GetLocaleInfoW,9_2_001CDF89
Source: C:\bamqdjw\czmruiag.exe Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,9_2_001DEFF4
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: 0_2_00FEC365 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00FEC365
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: 0_2_00FFF713 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_00FFF713
Source: C:\Users\user\Desktop\25XrVZw56S.exe Code function: 0_2_00FCACD0 GetVersionExA,CreateDirectoryA,DeleteFileA,RemoveDirectoryA,CreateDirectoryA,CreateDirectoryA,__snprintf,__snprintf,CreateDirectoryA,CreateDirectoryA,GetTempPathA,CreateDirectoryA,GetTempPathA,SetFileAttributesA,_memset,0_2_00FCACD0
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\bamqdjw\mt2o4nrsazl5davsv.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 4 Windows Service | 4 Windows Service | 1 Masquerading | OS Credential Dumping | 12 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 2 Service Execution | 1 DLL Side-Loading | 1 Process Injection | 11 Virtualization/Sandbox Evasion | LSASS Memory | 141 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 4 Native API | Logon Script (Windows) | 1 DLL Side-Loading | 1 Process Injection | Security Account Manager | 11 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 System Service Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 File Deletion | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 File and Directory Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 14 System Information Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Behavior Graph ID: 1530008 Sample: 25XrVZw56S.exe Startdate: 09/10/2024 Architecture: WINDOWS Score: 96

Source | Detection | Scanner | Label | Link
25XrVZw56S.exe | 89% | ReversingLabs | Win32.Spyware.Nivdort |
25XrVZw56S.exe | 100% | Avira | HEUR/AGEN.1318777 |
25XrVZw56S.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\bamqdjw\mt2o4nrsazl5davsv.exe | 100% | Avira | HEUR/AGEN.1318777 |
C:\bamqdjw\czmruiag.exe | 100% | Avira | HEUR/AGEN.1318777 |
C:\bamqdjw\erewpegtq.exe | 100% | Avira | HEUR/AGEN.1318777 |
C:\bamqdjw\mt2o4nrsazl5davsv.exe | 100% | Joe Sandbox ML | |
C:\bamqdjw\czmruiag.exe | 100% | Joe Sandbox ML | |
C:\bamqdjw\erewpegtq.exe | 100% | Joe Sandbox ML | |
C:\bamqdjw\czmruiag.exe | 89% | ReversingLabs | Win32.Spyware.Nivdort |
C:\bamqdjw\erewpegtq.exe | 89% | ReversingLabs | Win32.Spyware.Nivdort |
C:\bamqdjw\mt2o4nrsazl5davsv.exe | 89% | ReversingLabs | Win32.Spyware.Nivdort |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                                                                                        unknowntrue
                                                                                                          unknown
                                                                                                          answercover.net
                                                                                                          unknown
                                                                                                          unknowntrue
                                                                                                            unknown
                                                                                                            pleasantnature.net
                                                                                                            unknown
                                                                                                            unknowntrue
                                                                                                              unknown
                                                                                                              returnenough.net
                                                                                                              unknown
                                                                                                              unknowntrue
                                                                                                                unknown
                                                                                                                heavycompany.net
                                                                                                                unknown
                                                                                                                unknowntrue
                                                                                                                  unknown
                                                                                                                  heardenough.net
                                                                                                                  unknown
                                                                                                                  unknowntrue
                                                                                                                    unknown
                                                                                                                    requiregovern.net
                                                                                                                    unknown
                                                                                                                    unknowntrue
                                                                                                                      unknown
                                                                                                                      pleasantcompany.net
                                                                                                                      unknown
                                                                                                                      unknowntrue
                                                                                                                        unknown
                                                                                                                        orderbecome.net
                                                                                                                        unknown
                                                                                                                        unknowntrue
                                                                                                                          unknown
                                                                                                                          gentlefurther.net
                                                                                                                          unknown
                                                                                                                          unknowntrue
                                                                                                                            unknown
                                                                                                                            pleasantenough.net
                                                                                                                            unknown
                                                                                                                            unknowntrue
                                                                                                                              unknown
                                                                                                                              forwardcover.net
                                                                                                                              unknown
                                                                                                                              unknowntrue
                                                                                                                                unknown
                                                                                                                                necessaryenough.net
                                                                                                                                unknown
                                                                                                                                unknowntrue
                                                                                                                                  unknown
                                                                                                                                  heardneedle.net
                                                                                                                                  unknown
                                                                                                                                  unknowntrue
                                                                                                                                    unknown
                                                                                                                                    glassneedle.net
                                                                                                                                    unknown
                                                                                                                                    unknowntrue
                                                                                                                                      unknown
                                                                                                                                      heavygovern.net
                                                                                                                                      unknown
                                                                                                                                      unknowntrue
                                                                                                                                        unknown
                                                                                                                                        necessarycover.net
                                                                                                                                        unknown
                                                                                                                                        unknowntrue
                                                                                                                                          unknown
                                                                                                                                          difficultnature.net
                                                                                                                                          unknown
                                                                                                                                          unknowntrue
                                                                                                                                            unknown
                                                                                                                                            pleasantgovern.net
                                                                                                                                            unknown
                                                                                                                                            unknowntrue
                                                                                                                                              unknown
                                                                                                                                              variousenough.net
                                                                                                                                              unknown
                                                                                                                                              unknowntrue
                                                                                                                                                unknown
                                                                                                                                                variousbecome.net
                                                                                                                                                unknown
                                                                                                                                                unknowntrue
                                                                                                                                                  unknown
                                                                                                                                                  answerenough.net
                                                                                                                                                  unknown
                                                                                                                                                  unknowntrue
                                                                                                                                                    unknown
                                                                                                                                                    requirecompany.net
                                                                                                                                                    unknown
                                                                                                                                                    unknowntrue
                                                                                                                                                      unknown
                                                                                                                                                      heardcompany.net
                                                                                                                                                      unknown
                                                                                                                                                      unknowntrue
                                                                                                                                                        unknown
                                                                                                                                                        difficultcover.net
                                                                                                                                                        unknown
                                                                                                                                                        unknowntrue
                                                                                                                                                          unknown
                                                                                                                                                          glasscover.net
                                                                                                                                                          unknown
                                                                                                                                                          unknowntrue
                                                                                                                                                            unknown
                                                                                                                                                            requirenature.net
                                                                                                                                                            unknown
                                                                                                                                                            unknowntrue
                                                                                                                                                              unknown
                                                                                                                                                              gentleenough.net
                                                                                                                                                              unknown
                                                                                                                                                              unknowntrue
                                                                                                                                                                unknown
                                                                                                                                                                gentlebecome.net
                                                                                                                                                                unknown
                                                                                                                                                                unknowntrue
                                                                                                                                                                  unknown
                                                                                                                                                                  ordergovern.net
                                                                                                                                                                  unknown
                                                                                                                                                                  unknowntrue
                                                                                                                                                                    unknown
                                                                                                                                                                    answerbecome.net
                                                                                                                                                                    unknown
                                                                                                                                                                    unknowntrue
                                                                                                                                                                      unknown
                                                                                                                                                                      necessarynature.net
                                                                                                                                                                      unknown
                                                                                                                                                                      unknowntrue
                                                                                                                                                                        unknown
                                                                                                                                                                        ordercover.net
                                                                                                                                                                        unknown
                                                                                                                                                                        unknowntrue
                                                                                                                                                                          unknown
                                                                                                                                                                          answerfurther.net
                                                                                                                                                                          unknown
                                                                                                                                                                          unknowntrue
                                                                                                                                                                            unknown
                                                                                                                                                                            glassnature.net
                                                                                                                                                                            unknown
                                                                                                                                                                            unknowntrue
                                                                                                                                                                              unknown
                                                                                                                                                                              variousneedle.net
                                                                                                                                                                              unknown
                                                                                                                                                                              unknowntrue
                                                                                                                                                                                unknown
                                                                                                                                                                                returncover.net
                                                                                                                                                                                unknown
                                                                                                                                                                                unknowntrue
                                                                                                                                                                                  unknown
                                                                                                                                                                                  degreefurther.net
                                                                                                                                                                                  unknown
                                                                                                                                                                                  unknowntrue
                                                                                                                                                                                    unknown
                                                                                                                                                                                    difficultgovern.net
                                                                                                                                                                                    unknown
                                                                                                                                                                                    unknowntrue
                                                                                                                                                                                      unknown
                                                                                                                                                                                      leadernature.net
                                                                                                                                                                                      unknown
                                                                                                                                                                                      unknowntrue
                                                                                                                                                                                        unknown
                                                                                                                                                                                        glassfurther.net
                                                                                                                                                                                        unknown
                                                                                                                                                                                        unknowntrue
                                                                                                                                                                                          unknown
                                                                                                                                                                                          answerneedle.net
                                                                                                                                                                                          unknown
                                                                                                                                                                                          unknowntrue
                                                                                                                                                                                            unknown
                                                                                                                                                                                            degreecover.net
                                                                                                                                                                                            unknown
                                                                                                                                                                                            unknowntrue
                                                                                                                                                                                              unknown
                                                                                                                                                                                              heardgovern.net
                                                                                                                                                                                              unknown
                                                                                                                                                                                              unknowntrue
                                                                                                                                                                                                unknown
                                                                                                                                                                                                heavennature.net
                                                                                                                                                                                                unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://www.google.com | erewpegtq.exe, 00000002.00000002.2455125863.00000000014AA000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://gentlecompany.net/index.php | erewpegtq.exe, 00000008.00000002.2941723598.0000000001D7D000.00000004.00000010.00020000.00000000.sdmp | false | | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
34.218.204.173 | forwardcompany.net | United States | | 16509 | AMAZON-02US | true
210.157.78.4 | ordercompany.net | Japan | | 2510 | INFOWEBFUJITSULIMITEDJP | false
103.169.142.0 | gentlecompany.net | unknown | | 7575 | AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | false
54.244.188.177 | returnneedle.net | United States | | 16509 | AMAZON-02US | true
199.59.243.227 | 7450.bodis.com | United States | | 395082 | BODIS-NJUS | false
162.43.112.11 | heavycover.net | United States | | 11333 | CYBERTRAILSUS | false
52.71.57.184 | hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com | United States | | 14618 | AMAZON-AESUS | false
54.209.32.212 | unknown | United States | | 14618 | AMAZON-AESUS | false
185.111.247.38 | leadercompany.net | Turkey | | 209711 | MUVHOSTTR | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1530008
Start date and time: 2024-10-09 16:26:24 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 10s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 25XrVZw56S.exe (renamed because original name is a hash value)
Original Sample Name: 6ba07e3e540b3a47a2a136c0320e55b4ba6e388241e7408ebee798c92ae324d9.exe
Detection: MAL
Classification: mal96.troj.evad.winEXE@13/6@408/9
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 64
• Number of non-executed functions: 140
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• VT rate limit hit for: 25XrVZw56S.exe
Time | Type | Description
10:27:50 | API Interceptor | 1938x Sleep call for process: czmruiag.exe modified
10:27:58 | API Interceptor | 763x Sleep call for process: erewpegtq.exe modified
                                                                                                                                                                                                              4wwi2Lh5W4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 199.59.243.227
                                                                                                                                                                                                              https://pokerfanboy.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 199.59.243.227
                                                                                                                                                                                                              https://mx1.margarettaphilomena.net/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 199.59.243.227
                                                                                                                                                                                                              nBjauMrrmC.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 199.59.243.227
                                                                                                                                                                                                              forwardcompany.netoUc5lyEzJy.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 34.218.204.173
                                                                                                                                                                                                              JUHGSyleu7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 34.218.204.173
                                                                                                                                                                                                              oUc5lyEzJy.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 34.218.204.173
                                                                                                                                                                                                              JUHGSyleu7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 34.218.204.173
                                                                                                                                                                                                              4wwi2Lh5W4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 34.218.204.173
                                                                                                                                                                                                              4wwi2Lh5W4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 34.218.204.173
                                                                                                                                                                                                              heavycover.netoUc5lyEzJy.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 162.43.112.11
                                                                                                                                                                                                              JUHGSyleu7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 162.43.112.11
                                                                                                                                                                                                              oUc5lyEzJy.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 162.43.112.11
                                                                                                                                                                                                              JUHGSyleu7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 162.43.112.11
                                                                                                                                                                                                              4wwi2Lh5W4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 162.43.112.11
                                                                                                                                                                                                              4wwi2Lh5W4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 162.43.112.11
                                                                                                                                                                                                              hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.comJUHGSyleu7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 52.71.57.184
                                                                                                                                                                                                              fp86koPm8O.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 52.71.57.184
                                                                                                                                                                                                              firmware.i586.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 52.71.57.184
                                                                                                                                                                                                              play.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 52.71.57.184
                                                                                                                                                                                                              http://finde-mich-hier.pages.dev/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 54.209.32.212
                                                                                                                                                                                                              bSecDbrnMO4yqnP.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                              • 52.71.57.184
                                                                                                                                                                                                              FXja4SyAYs.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 54.209.32.212
                                                                                                                                                                                                              Jla3M8Fe16.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 52.71.57.184
                                                                                                                                                                                                              uTorrent.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 52.71.57.184
                                                                                                                                                                                                              KY9D34Qh8d.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 52.71.57.184
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                              https://forms.zohopublic.com/tracyesmith/form/Processing/formperma/OwRtaxn46xyHexOvW9NGSoRj4ULObTZIo3_-Cp_3oLEGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 18.239.18.76
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\25XrVZw56S.exe
                                                                                                                                                                                                              File Type:OpenPGP Public Key
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):12
                                                                                                                                                                                                              Entropy (8bit):3.418295834054489
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:TJkBw2H:dy
                                                                                                                                                                                                              MD5:51370537A215E7B9AC1FF93754EC9285
                                                                                                                                                                                                              SHA1:62FD15F9C823DF06ABB425067E7C67B01416515E
                                                                                                                                                                                                              SHA-256:0703F3CE2F5C29DB5281579503C452B621E5BD5CAE436D92B5A965965634015A
                                                                                                                                                                                                              SHA-512:7259A4EEE45F3508AB9A6FA8372C8123039D7BD8ED7A0908022CAD4F48DD5E9425DEC8E6F97592ECBAD039E575126390C70A9F4D176CDD71E1291512F146CD92
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Preview:.lkO.dkz.6n
                                                                                                                                                                                                              Process:C:\bamqdjw\erewpegtq.exe
                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):442368
                                                                                                                                                                                                              Entropy (8bit):6.754278551913293
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:QwIZebrlwdZcNMvKwcYP59nxvetLxuR/hcfqaguOY/vS02eEKxv3X:RIZeGnsYB9nxGqR/hrag/Y/hpt3X
                                                                                                                                                                                                              MD5:D2965931E5463A26443A022B95EDF5D4
                                                                                                                                                                                                              SHA1:6BFDE34CE3D9EF20F5265FF5045FD2411A9F3655
                                                                                                                                                                                                              SHA-256:6BA07E3E540B3A47A2A136C0320E55B4BA6E388241E7408EBEE798C92AE324D9
                                                                                                                                                                                                              SHA-512:40F50D45CDDCB91AAF66B55A5BD7352549A28DA0EE8A221F433697C439D3102AC69298314E51C050F94A895A95A5C4F72B1A71038CFDE0690758515AF6570B1D
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 89%
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Process:C:\bamqdjw\mt2o4nrsazl5davsv.exe
                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):442368
                                                                                                                                                                                                              Entropy (8bit):6.754278551913293
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:QwIZebrlwdZcNMvKwcYP59nxvetLxuR/hcfqaguOY/vS02eEKxv3X:RIZeGnsYB9nxGqR/hrag/Y/hpt3X
                                                                                                                                                                                                              MD5:D2965931E5463A26443A022B95EDF5D4
                                                                                                                                                                                                              SHA1:6BFDE34CE3D9EF20F5265FF5045FD2411A9F3655
                                                                                                                                                                                                              SHA-256:6BA07E3E540B3A47A2A136C0320E55B4BA6E388241E7408EBEE798C92AE324D9
                                                                                                                                                                                                              SHA-512:40F50D45CDDCB91AAF66B55A5BD7352549A28DA0EE8A221F433697C439D3102AC69298314E51C050F94A895A95A5C4F72B1A71038CFDE0690758515AF6570B1D
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 89%
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\25XrVZw56S.exe
                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):442368
                                                                                                                                                                                                              Entropy (8bit):6.754278551913293
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:QwIZebrlwdZcNMvKwcYP59nxvetLxuR/hcfqaguOY/vS02eEKxv3X:RIZeGnsYB9nxGqR/hrag/Y/hpt3X
                                                                                                                                                                                                              MD5:D2965931E5463A26443A022B95EDF5D4
                                                                                                                                                                                                              SHA1:6BFDE34CE3D9EF20F5265FF5045FD2411A9F3655
                                                                                                                                                                                                              SHA-256:6BA07E3E540B3A47A2A136C0320E55B4BA6E388241E7408EBEE798C92AE324D9
                                                                                                                                                                                                              SHA-512:40F50D45CDDCB91AAF66B55A5BD7352549A28DA0EE8A221F433697C439D3102AC69298314E51C050F94A895A95A5C4F72B1A71038CFDE0690758515AF6570B1D
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 89%
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Process:C:\bamqdjw\erewpegtq.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                                                              Entropy (8bit):2.0
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:G4:v
                                                                                                                                                                                                              MD5:A2EBB6D9A6052B77382278ABCD813BE9
                                                                                                                                                                                                              SHA1:4E019834606FA55680740BD9063883B69B0C03B3
                                                                                                                                                                                                              SHA-256:474A709CA3B343BB9CD3E9A38B5C32FA7167CF2EBF94832D799E66A250A50930
                                                                                                                                                                                                              SHA-512:F176A91F0C5D9A033FA093DA52E63BAE52E797F3FB5F42D209489DE88C019B1BFA66328C5F5938051CA9396989775E5EFEB083B74FBC33FF07F8431EFC944D0D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Preview:_}..
                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Entropy (8bit):6.754278551913293
                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                              File name:25XrVZw56S.exe
                                                                                                                                                                                                              File size:442'368 bytes
                                                                                                                                                                                                              MD5:d2965931e5463a26443a022b95edf5d4
                                                                                                                                                                                                              SHA1:6bfde34ce3d9ef20f5265ff5045fd2411a9f3655
                                                                                                                                                                                                              SHA256:6ba07e3e540b3a47a2a136c0320e55b4ba6e388241e7408ebee798c92ae324d9
                                                                                                                                                                                                              SHA512:40f50d45cddcb91aaf66b55a5bd7352549a28da0ee8a221f433697c439d3102ac69298314e51c050f94a895a95a5c4f72b1a71038cfde0690758515af6570b1d
                                                                                                                                                                                                              SSDEEP:6144:QwIZebrlwdZcNMvKwcYP59nxvetLxuR/hcfqaguOY/vS02eEKxv3X:RIZeGnsYB9nxGqR/hrag/Y/hpt3X
                                                                                                                                                                                                              TLSH:77945B0430D3D136E4A3A1F68A7AA32691BD7A6023B549C7AFD44D5C4FA84D0BF7721E
                                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......oe..+..M+..M+..M...M(..M+..Mu..M...M)..M&V.M7..M&V3M...M&V2M...MV}2M*..MV}.M*..MRich+..M........PE..L.....CV.................T.
                                                                                                                                                                                                              Icon Hash:90cececece8e8eb0
                                                                                                                                                                                                              Entrypoint:0x42eea4
                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                              Time Stamp:0x5643CC86 [Wed Nov 11 23:17:26 2015 UTC]
                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                              OS Version Major:5
                                                                                                                                                                                                              OS Version Minor:1
                                                                                                                                                                                                              File Version Major:5
                                                                                                                                                                                                              File Version Minor:1
                                                                                                                                                                                                              Subsystem Version Major:5
                                                                                                                                                                                                              Subsystem Version Minor:1
                                                                                                                                                                                                              Import Hash:0766f11ac9fb2b35dec02aa0639d9b13
                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                              call 00007FEDC9288351h
                                                                                                                                                                                                              jmp 00007FEDC927AE95h
                                                                                                                                                                                                              push 00000014h
                                                                                                                                                                                                              push 00463DE8h
                                                                                                                                                                                                              call 00007FEDC927BDCBh
                                                                                                                                                                                                              call 00007FEDC927C8C9h
                                                                                                                                                                                                              movzx esi, ax
                                                                                                                                                                                                              push 00000002h
                                                                                                                                                                                                              call 00007FEDC92882E4h
                                                                                                                                                                                                              pop ecx
                                                                                                                                                                                                              mov eax, 00005A4Dh
                                                                                                                                                                                                              cmp word ptr [00400000h], ax
                                                                                                                                                                                                              je 00007FEDC927AE96h
                                                                                                                                                                                                              xor ebx, ebx
                                                                                                                                                                                                              jmp 00007FEDC927AEC5h
                                                                                                                                                                                                              mov eax, dword ptr [0040003Ch]
                                                                                                                                                                                                              cmp dword ptr [eax+00400000h], 00004550h
                                                                                                                                                                                                              jne 00007FEDC927AE7Dh
                                                                                                                                                                                                              mov ecx, 0000010Bh
                                                                                                                                                                                                              cmp word ptr [eax+00400018h], cx
                                                                                                                                                                                                              jne 00007FEDC927AE6Fh
                                                                                                                                                                                                              xor ebx, ebx
                                                                                                                                                                                                              cmp dword ptr [eax+00400074h], 0Eh
                                                                                                                                                                                                              jbe 00007FEDC927AE9Bh
                                                                                                                                                                                                              cmp dword ptr [eax+004000E8h], ebx
                                                                                                                                                                                                              setne bl
                                                                                                                                                                                                              mov dword ptr [ebp-1Ch], ebx
                                                                                                                                                                                                              call 00007FEDC927EA11h
                                                                                                                                                                                                              test eax, eax
                                                                                                                                                                                                              jne 00007FEDC927AE9Ah
                                                                                                                                                                                                              push 0000001Ch
                                                                                                                                                                                                              call 00007FEDC927AFB7h
                                                                                                                                                                                                              pop ecx
                                                                                                                                                                                                              call 00007FEDC927E967h
                                                                                                                                                                                                              test eax, eax
                                                                                                                                                                                                              jne 00007FEDC927AE9Ah
                                                                                                                                                                                                              push 00000010h
                                                                                                                                                                                                              call 00007FEDC927AFA6h
                                                                                                                                                                                                              pop ecx
                                                                                                                                                                                                              call 00007FEDC927C429h
                                                                                                                                                                                                              and dword ptr [ebp-04h], 00000000h
                                                                                                                                                                                                              call 00007FEDC92864F9h
                                                                                                                                                                                                              test eax, eax
                                                                                                                                                                                                              jns 00007FEDC927AE9Ah
                                                                                                                                                                                                              push 0000001Bh
                                                                                                                                                                                                              call 00007FEDC927AF8Ch
                                                                                                                                                                                                              pop ecx
                                                                                                                                                                                                              call dword ptr [00457034h]
                                                                                                                                                                                                              mov dword ptr [00469544h], eax
                                                                                                                                                                                                              call 00007FEDC9288338h
                                                                                                                                                                                                              mov dword ptr [00467600h], eax
                                                                                                                                                                                                              call 00007FEDC9287F35h
                                                                                                                                                                                                              test eax, eax
                                                                                                                                                                                                              jns 00007FEDC927AE9Ah
                                                                                                                                                                                                              Programming Language:
                                                                                                                                                                                                              • [ASM] VS2013 build 21005
                                                                                                                                                                                                              • [ C ] VS2013 build 21005
                                                                                                                                                                                                              • [C++] VS2013 build 21005
                                                                                                                                                                                                              • [C++] VS2013 UPD4 build 31101
                                                                                                                                                                                                              • [LNK] VS2013 UPD4 build 31101
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6469c | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6a000 | 0x6ab0 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x632d0 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x57000 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x55201 | 0x55400 | 9215b304eeb92c502ca29b33dc3b8d8d | False | 0.49784927144428154 | data | 6.588366382936304 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x57000 | 0xdf46 | 0xe000 | 2a0dc6f8431d9ad754bf3a20a094e6bd | False | 0.5607561383928571 | data | 5.901302880862981 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x65000 | 0x455c | 0x1c00 | 7cf078597e38cdc91ff0cd29bb7986e7 | False | 0.41587611607142855 | data | 4.377538071984764 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x6a000 | 0x6ab0 | 0x6c00 | 3cc9d3ae258c1ff551117df257cc3a03 | False | 0.7344473379629629 | data | 6.795471824368773 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLL | Import
KERNEL32.dll | GetModuleHandleA, GetProcAddress, EncodePointer, DecodePointer, GetLastError, ExitProcess, GetModuleHandleExW, AreFileApisANSI, MultiByteToWideChar, WideCharToMultiByte, HeapFree, HeapAlloc, GetSystemTimeAsFileTime, GetCommandLineA, RaiseException, RtlUnwind, IsProcessorFeaturePresent, HeapSize, IsDebuggerPresent, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, FatalAppExitA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetTickCount, GetModuleHandleW, CreateSemaphoreW, GetStdHandle, WriteFile, GetModuleFileNameW, SetConsoleCtrlHandler, FreeLibrary, LoadLibraryExW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCurrentThread, GetCurrentThreadId, GetProcessHeap, FindClose, FindFirstFileExW, GetDriveTypeW, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, CloseHandle, FlushFileBuffers, GetConsoleCP, GetConsoleMode, GetFileType, GetModuleFileNameA, QueryPerformanceCounter, GetCurrentProcessId, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, HeapReAlloc, OutputDebugStringW, GetStringTypeW, FileTimeToLocalFileTime, GetFileInformationByHandle, PeekNamedPipe, GetFullPathNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, CreateFileW, SetStdHandle, SetFilePointerEx, WriteConsoleW, GetTimeZoneInformation, SetEndOfFile, ReadFile, ReadConsoleW, GetFullPathNameA, SetEnvironmentVariableA
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-09T16:27:22.073475+0200 | 2815568 | ETPRO MALWARE Terse HTTP 1.0 Request Possible Nivdort | 1 | 192.168.2.4 | 49730 | 54.244.188.177 | 80 | TCP
2024-10-09T16:27:22.073475+0200 | 2820680 | ETPRO MALWARE W32/Bayrob Attempted Checkin 2 | 1 | 192.168.2.4 | 49730 | 54.244.188.177 | 80 | TCP
2024-10-09T16:27:22.078360+0200 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 54.244.188.177 | 80 | 192.168.2.4 | 49730 | TCP
2024-10-09T16:27:22.078360+0200 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 54.244.188.177 | 80 | 192.168.2.4 | 49730 | TCP
2024-10-09T16:27:22.372050+0200 | 2811542 | ETPRO MALWARE Possible Tinba DGA NXDOMAIN Responses (net) | 1 | 1.1.1.1 | 53 | 192.168.2.4 | 64469 | UDP
2024-10-09T16:28:39.802352+0200 | 2815568 | ETPRO MALWARE Terse HTTP 1.0 Request Possible Nivdort | 1 | 192.168.2.4 | 50397 | 54.244.188.177 | 80 | TCP
2024-10-09T16:28:39.802352+0200 | 2820680 | ETPRO MALWARE W32/Bayrob Attempted Checkin 2 | 1 | 192.168.2.4 | 50397 | 54.244.188.177 | 80 | TCP
2024-10-09T16:28:49.643108+0200 | 2811542 | ETPRO MALWARE Possible Tinba DGA NXDOMAIN Responses (net) | 1 | 1.1.1.1 | 53 | 192.168.2.4 | 52475 | UDP
2024-10-09T16:28:52.061806+0200 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 34.218.204.173 | 80 | 192.168.2.4 | 50467 | TCP
2024-10-09T16:28:52.061806+0200 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 34.218.204.173 | 80 | 192.168.2.4 | 50467 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 9, 2024 16:27:21.337160110 CEST | 49730 | 80 | 192.168.2.4 | 54.244.188.177
Oct 9, 2024 16:27:21.342119932 CEST | 80 | 49730 | 54.244.188.177 | 192.168.2.4
Oct 9, 2024 16:27:21.342273951 CEST | 49730 | 80 | 192.168.2.4 | 54.244.188.177
Oct 9, 2024 16:27:21.342403889 CEST | 49730 | 80 | 192.168.2.4 | 54.244.188.177
Oct 9, 2024 16:27:21.347309113 CEST | 80 | 49730 | 54.244.188.177 | 192.168.2.4
Oct 9, 2024 16:27:22.072129965 CEST | 80 | 49730 | 54.244.188.177 | 192.168.2.4
Oct 9, 2024 16:27:22.073348999 CEST | 80 | 49730 | 54.244.188.177 | 192.168.2.4
Oct 9, 2024 16:27:22.073474884 CEST | 49730 | 80 | 192.168.2.4 | 54.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.073474884 CEST4973080192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.078360081 CEST804973054.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:23.316868067 CEST5024580192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:27:23.323628902 CEST805024534.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:23.323703051 CEST5024580192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:27:23.323750019 CEST5024580192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:27:23.330549955 CEST805024534.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.080430031 CEST805024534.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.081770897 CEST805024534.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.081856966 CEST5024580192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.081933975 CEST5024580192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.086755037 CEST805024534.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.458663940 CEST5024680192.168.2.452.71.57.184
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.464812994 CEST805024652.71.57.184192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.464903116 CEST5024680192.168.2.452.71.57.184
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.464997053 CEST5024680192.168.2.452.71.57.184
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.470808983 CEST805024652.71.57.184192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.951749086 CEST805024652.71.57.184192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.951776028 CEST805024652.71.57.184192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.951878071 CEST5024680192.168.2.452.71.57.184
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.951960087 CEST5024680192.168.2.452.71.57.184
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.956792116 CEST805024652.71.57.184192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.585968971 CEST5024780192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.590868950 CEST8050247199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.590969086 CEST5024780192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.591036081 CEST5024780192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.595896006 CEST8050247199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:26.078423023 CEST8050247199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:26.078448057 CEST8050247199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:26.078460932 CEST8050247199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:26.078541994 CEST5024780192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:27:26.078572035 CEST5024780192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:27:26.078702927 CEST5024780192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:27:26.084701061 CEST8050247199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.063661098 CEST5039780192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.068547964 CEST805039754.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.068650007 CEST5039780192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.068682909 CEST5039780192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.073590994 CEST805039754.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.802243948 CEST805039754.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.802294016 CEST805039754.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.802351952 CEST5039780192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.802438974 CEST5039780192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.807442904 CEST805039754.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:40.196997881 CEST5040480192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:28:40.202621937 CEST805040434.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:40.202694893 CEST5040480192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:28:40.202727079 CEST5040480192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:28:40.208137989 CEST805040434.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.879479885 CEST805040434.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.879496098 CEST805040434.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.879503965 CEST805040434.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.879612923 CEST5040480192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.879645109 CEST5040480192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.879776001 CEST805040434.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.879816055 CEST5040480192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.880465031 CEST805040434.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.880511045 CEST5040480192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.889287949 CEST805040434.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.248538971 CEST5041480192.168.2.454.209.32.212
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.253334045 CEST805041454.209.32.212192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.253520012 CEST5041480192.168.2.454.209.32.212
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.253575087 CEST5041480192.168.2.454.209.32.212
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.258474112 CEST805041454.209.32.212192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.731489897 CEST805041454.209.32.212192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.731848001 CEST805041454.209.32.212192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.732413054 CEST5041480192.168.2.454.209.32.212
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.732913017 CEST5041480192.168.2.454.209.32.212
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.737874031 CEST805041454.209.32.212192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.933646917 CEST5041880192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.938553095 CEST8050418199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.938662052 CEST5041880192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.938688040 CEST5041880192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.944190025 CEST8050418199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:43.444996119 CEST8050418199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:43.445487976 CEST8050418199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:43.445521116 CEST8050418199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:43.445579052 CEST8050418199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:43.445625067 CEST5041880192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:28:43.445657015 CEST5041880192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:28:43.445817947 CEST5041880192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:28:43.450700045 CEST8050418199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:50.181432009 CEST5045880192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:28:50.186306000 CEST805045854.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:50.186371088 CEST5045880192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:28:50.186424017 CEST5045880192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:28:50.191266060 CEST805045854.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:50.925986052 CEST805045854.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:50.926145077 CEST805045854.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:50.926320076 CEST5045880192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:28:50.926320076 CEST5045880192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:28:50.931202888 CEST805045854.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:51.291238070 CEST5046780192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:28:51.296946049 CEST805046734.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:51.297030926 CEST5046780192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:28:51.297095060 CEST5046780192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:28:51.303119898 CEST805046734.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.056229115 CEST805046734.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.056427956 CEST805046734.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.056469917 CEST5046780192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.056497097 CEST5046780192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.061805964 CEST805046734.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.167830944 CEST5047380192.168.2.454.209.32.212
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.172657013 CEST805047354.209.32.212192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.172729969 CEST5047380192.168.2.454.209.32.212
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.172791004 CEST5047380192.168.2.454.209.32.212
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.177733898 CEST805047354.209.32.212192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.632476091 CEST805047354.209.32.212192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.632646084 CEST805047354.209.32.212192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.632704020 CEST5047380192.168.2.454.209.32.212
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.632739067 CEST5047380192.168.2.454.209.32.212
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.637610912 CEST805047354.209.32.212192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.120981932 CEST5048080192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.127734900 CEST8050480199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.127825975 CEST5048080192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.127873898 CEST5048080192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.132786989 CEST8050480199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.593441963 CEST8050480199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.593458891 CEST8050480199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.593555927 CEST5048080192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.593575001 CEST8050480199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.593628883 CEST5048080192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.593676090 CEST5048080192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.598431110 CEST8050480199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:54.551148891 CEST5048780192.168.2.4210.157.78.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:54.556787014 CEST8050487210.157.78.4192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:54.556859016 CEST5048780192.168.2.4210.157.78.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:54.560416937 CEST5048780192.168.2.4210.157.78.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:54.565311909 CEST8050487210.157.78.4192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:55.363424063 CEST8050487210.157.78.4192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:55.363487005 CEST8050487210.157.78.4192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:55.363524914 CEST8050487210.157.78.4192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:55.363559008 CEST8050487210.157.78.4192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:55.363564968 CEST5048780192.168.2.4210.157.78.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:55.363615990 CEST5048780192.168.2.4210.157.78.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:55.363683939 CEST5048780192.168.2.4210.157.78.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:55.368545055 CEST8050487210.157.78.4192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.678030014 CEST5052380192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.683589935 CEST805052354.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.683676004 CEST5052380192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.683763027 CEST5052380192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.689603090 CEST805052354.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.401902914 CEST805052354.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.402239084 CEST805052354.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.402293921 CEST5052380192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.402354956 CEST5052380192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.407080889 CEST805052354.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.657883883 CEST5052980192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.663266897 CEST805052934.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.663345098 CEST5052980192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.663429022 CEST5052980192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.668653965 CEST805052934.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.385793924 CEST805052934.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.386218071 CEST805052934.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.386293888 CEST5052980192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.386329889 CEST5052980192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.391340017 CEST805052934.218.204.173192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.534049988 CEST5053180192.168.2.454.209.32.212
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.539154053 CEST805053154.209.32.212192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.539288998 CEST5053180192.168.2.454.209.32.212
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.539334059 CEST5053180192.168.2.454.209.32.212
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.544224977 CEST805053154.209.32.212192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.000838041 CEST805053154.209.32.212192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.000960112 CEST805053154.209.32.212192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.001019001 CEST5053180192.168.2.454.209.32.212
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.001085043 CEST5053180192.168.2.454.209.32.212
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.006329060 CEST805053154.209.32.212192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.535056114 CEST5053280192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.539978981 CEST8050532199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.540112972 CEST5053280192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.540185928 CEST5053280192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.546087027 CEST8050532199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.018954039 CEST8050532199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.019299030 CEST8050532199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.019330025 CEST8050532199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.019419909 CEST5053280192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.019419909 CEST5053280192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.019462109 CEST5053280192.168.2.4199.59.243.227
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.024842978 CEST8050532199.59.243.227192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.532557964 CEST5053380192.168.2.4210.157.78.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.537363052 CEST8050533210.157.78.4192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.537482977 CEST5053380192.168.2.4210.157.78.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.537552118 CEST5053380192.168.2.4210.157.78.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.542402983 CEST8050533210.157.78.4192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.731906891 CEST8050533210.157.78.4192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.731923103 CEST8050533210.157.78.4192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.731930017 CEST8050533210.157.78.4192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.731947899 CEST8050533210.157.78.4192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.731959105 CEST8050533210.157.78.4192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.732007027 CEST8050533210.157.78.4192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.732125998 CEST5053380192.168.2.4210.157.78.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.732125998 CEST5053380192.168.2.4210.157.78.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.732364893 CEST5053380192.168.2.4210.157.78.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.733041048 CEST8050533210.157.78.4192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.733100891 CEST5053380192.168.2.4210.157.78.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.737544060 CEST8050533210.157.78.4192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.999417067 CEST5053480192.168.2.4185.111.247.38
                                                                                                                                                                                                              Oct 9, 2024 16:29:06.004560947 CEST8050534185.111.247.38192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:06.004779100 CEST5053480192.168.2.4185.111.247.38
                                                                                                                                                                                                              Oct 9, 2024 16:29:06.004967928 CEST5053480192.168.2.4185.111.247.38
                                                                                                                                                                                                              Oct 9, 2024 16:29:06.010490894 CEST8050534185.111.247.38192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:06.833544016 CEST8050534185.111.247.38192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:06.833931923 CEST8050534185.111.247.38192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:06.834034920 CEST5053480192.168.2.4185.111.247.38
                                                                                                                                                                                                              Oct 9, 2024 16:29:06.834707022 CEST5053480192.168.2.4185.111.247.38
                                                                                                                                                                                                              Oct 9, 2024 16:29:06.839569092 CEST8050534185.111.247.38192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:12.080616951 CEST5053580192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:29:12.085550070 CEST805053554.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:12.085625887 CEST5053580192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:29:12.085675001 CEST5053580192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:29:12.090579987 CEST805053554.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:13.040664911 CEST805053554.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:13.040694952 CEST805053554.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:13.040704966 CEST805053554.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:13.040791035 CEST5053580192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:29:13.041086912 CEST5053580192.168.2.454.244.188.177
                                                                                                                                                                                                              Oct 9, 2024 16:29:13.046044111 CEST805053554.244.188.177192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:13.230146885 CEST5053680192.168.2.434.218.204.173
                                                                                                                                                                                                              Oct 9, 2024 16:29:13.234988928 CEST805053634.218.204.173192.168.2.4
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.569866896 CEST5678953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.606996059 CEST53567891.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.608042955 CEST5799553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.617621899 CEST53579951.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.618505955 CEST6419553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.629333019 CEST53641951.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.630342007 CEST5118453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.660881996 CEST53511841.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.661987066 CEST5837453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.693945885 CEST53583741.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.695133924 CEST6439653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.729154110 CEST53643961.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.730473995 CEST5994153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.740480900 CEST53599411.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.741391897 CEST5462753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.752187014 CEST53546271.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.753055096 CEST5345053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.785155058 CEST53534501.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.786128044 CEST4969453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.797343016 CEST53496941.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.798145056 CEST5347853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.810630083 CEST53534781.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.815977097 CEST5825153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.828193903 CEST53582511.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.834475040 CEST5880453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.844763041 CEST53588041.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.845772028 CEST5409753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.856390953 CEST53540971.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.857348919 CEST6173053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.867223978 CEST53617301.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.868077993 CEST6417353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.879070044 CEST53641731.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.879926920 CEST4984653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.889914989 CEST53498461.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.890707016 CEST6294153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.900331020 CEST53629411.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.901159048 CEST5806753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.910808086 CEST53580671.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.911710978 CEST4973353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.944013119 CEST53497331.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.945015907 CEST6145853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.955724955 CEST53614581.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.956698895 CEST6196453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.966531992 CEST53619641.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.967694998 CEST5130753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:21.003036022 CEST53513071.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:21.004026890 CEST5688953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:21.014677048 CEST53568891.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:21.015603065 CEST6155553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:21.027364016 CEST53615551.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:21.028099060 CEST6227453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:21.334398985 CEST53622741.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.077691078 CEST6517653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.088501930 CEST53651761.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.196002960 CEST6045953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.205935001 CEST53604591.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.238352060 CEST5977253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.249794960 CEST53597721.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.251591921 CEST5448753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.287610054 CEST53544871.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.299925089 CEST5631553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.335561037 CEST53563151.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.336405039 CEST6402653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.349267960 CEST53640261.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.350001097 CEST5282653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.361551046 CEST53528261.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.362242937 CEST6446953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.372050047 CEST53644691.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.372793913 CEST5673753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.384140968 CEST53567371.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.384919882 CEST6387053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.391804934 CEST53638701.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.979942083 CEST5373953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:23.013911009 CEST53537391.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:23.014858961 CEST5793753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:23.316359043 CEST53579371.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.082600117 CEST5634253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.093738079 CEST53563421.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.094624043 CEST6339253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.105087996 CEST53633921.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.105887890 CEST6420053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.138032913 CEST53642001.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.139014006 CEST5789553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.150547981 CEST53578951.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.151319981 CEST5613853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.161535978 CEST53561381.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.162302017 CEST5877353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.172763109 CEST53587731.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.173535109 CEST6187553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.208744049 CEST53618751.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.209558964 CEST5325553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.458004951 CEST53532551.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.952764034 CEST5710453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.988768101 CEST53571041.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.989763021 CEST5174653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.026707888 CEST53517461.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.027842045 CEST5517353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.038799047 CEST53551731.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.039743900 CEST4994753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.072815895 CEST53499471.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.074039936 CEST6408753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.108537912 CEST53640871.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.109370947 CEST5141053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.120690107 CEST53514101.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.883141994 CEST5253453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.895571947 CEST53525341.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.896352053 CEST4932853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.906969070 CEST53493281.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.907553911 CEST6190453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.918786049 CEST53619041.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.919334888 CEST6422653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.930389881 CEST53642261.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.930860043 CEST6190453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.940535069 CEST53619041.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.940958023 CEST6448853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.951064110 CEST53644881.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.951509953 CEST5711353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.963449955 CEST53571131.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:41.963893890 CEST6435753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.247931004 CEST53643571.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.736462116 CEST6503053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.774539948 CEST53650301.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.806479931 CEST5469253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.817284107 CEST53546921.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.818005085 CEST5954753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.854537010 CEST53595471.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.855407000 CEST6487453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.866115093 CEST53648741.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.866703987 CEST5122853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.876334906 CEST53512281.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.876897097 CEST5101453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.886713982 CEST53510141.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.887198925 CEST5735453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.897685051 CEST53573541.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.898111105 CEST5383253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.907331944 CEST53538321.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.907752991 CEST4963953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.918814898 CEST53496391.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.922497034 CEST6358253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:42.932874918 CEST53635821.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:43.451173067 CEST5213553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:43.462270021 CEST53521351.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:43.463161945 CEST5135253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:43.473649025 CEST53513521.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:43.476371050 CEST6171953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:43.487142086 CEST53617191.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:43.488023996 CEST5500753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:43.499075890 CEST53550071.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:48.001596928 CEST5697153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:48.843338966 CEST53569711.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:48.854223013 CEST6289653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:48.888653040 CEST53628961.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:48.889447927 CEST5432753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:48.923321009 CEST53543271.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:48.923985004 CEST6059753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:48.933897018 CEST53605971.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:48.934484959 CEST5718653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:48.946746111 CEST53571861.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:48.947788954 CEST6276753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:48.958240986 CEST53627671.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:48.958836079 CEST6447953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:48.989178896 CEST53644791.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:48.989988089 CEST6491453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.026511908 CEST53649141.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.027486086 CEST5467653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.039850950 CEST53546761.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.040524960 CEST5514153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.050618887 CEST53551411.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.055988073 CEST5268753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.086251020 CEST53526871.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.087034941 CEST5049253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.097558022 CEST53504921.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.098185062 CEST4927653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.109061003 CEST53492761.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.109577894 CEST5170853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.120160103 CEST53517081.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.120659113 CEST5732153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.152117014 CEST53573211.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.152837038 CEST6137153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.184545040 CEST53613711.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.185285091 CEST4951453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.216222048 CEST53495141.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.217061996 CEST5830053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.227883101 CEST53583001.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.228539944 CEST5562053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.264081955 CEST53556201.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.267565012 CEST6381853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.425395012 CEST53638181.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.426358938 CEST5024153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.436055899 CEST53502411.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.436914921 CEST5018653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.467691898 CEST53501861.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.468617916 CEST5247553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.643107891 CEST53524751.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.651936054 CEST5286653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.685338974 CEST53528661.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.686256886 CEST6233453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.716875076 CEST53623341.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.717879057 CEST5739253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.748224020 CEST53573921.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.749293089 CEST6097053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.761845112 CEST53609701.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.762573957 CEST5952853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.772380114 CEST53595281.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.773029089 CEST5901853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.808579922 CEST53590181.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.812081099 CEST6420053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:28:49.822535038 CEST53642001.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.221658945 CEST5328153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.255624056 CEST53532811.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.256648064 CEST5773653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.267288923 CEST53577361.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.268263102 CEST6367253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.299108028 CEST53636721.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.300503016 CEST5726853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.331990004 CEST53572681.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.342367887 CEST6318953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.377178907 CEST53631891.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.378211021 CEST5976453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.389302015 CEST53597641.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.390578032 CEST5639253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.424264908 CEST53563921.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.425767899 CEST6160153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.437735081 CEST53616011.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.440681934 CEST5002553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.599642992 CEST53500251.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.603914976 CEST5640853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.615637064 CEST53564081.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.616687059 CEST5051653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.650736094 CEST53505161.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.651870012 CEST5485353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.663043022 CEST53548531.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.664299965 CEST4968553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.676719904 CEST53496851.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.406511068 CEST6219653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.417331934 CEST53621961.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.418373108 CEST6426653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.431292057 CEST53642661.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.432106972 CEST5716953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.441975117 CEST53571691.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.442657948 CEST5647253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.481990099 CEST53564721.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.482920885 CEST5617753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.494277954 CEST53561771.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.494978905 CEST6500553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.531297922 CEST53650051.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.532474995 CEST5859953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.547818899 CEST53585991.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.553025961 CEST5527853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.584518909 CEST53552781.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.585407019 CEST5799053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.625305891 CEST53579901.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.626166105 CEST6045953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.638153076 CEST53604591.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.639326096 CEST6523353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.651551962 CEST53652331.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.390908957 CEST6004753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.402667999 CEST53600471.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.403575897 CEST6490953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.417562962 CEST53649091.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.418628931 CEST5141053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.429759026 CEST53514101.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.430529118 CEST5134553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.441572905 CEST53513451.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.442358017 CEST6139453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.453607082 CEST53613941.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.454374075 CEST6465053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.493717909 CEST53646501.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.494996071 CEST5947153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.529685974 CEST53594711.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.005268097 CEST5703253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.015990973 CEST53570321.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.016858101 CEST6146953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.048245907 CEST53614691.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.049423933 CEST5943053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.083533049 CEST53594301.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.084852934 CEST5949653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.416898012 CEST53594961.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.423418999 CEST6286353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.434756994 CEST53628631.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.435570002 CEST5990453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.468475103 CEST53599041.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.469778061 CEST5874053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.499856949 CEST53587401.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.500888109 CEST5765853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.510364056 CEST53576581.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.511197090 CEST5797853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.522382975 CEST53579781.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.523446083 CEST5098653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.533900976 CEST53509861.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.022674084 CEST5199753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.056524992 CEST53519971.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.066606045 CEST6291753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.077851057 CEST53629171.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.095402956 CEST5776353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.106250048 CEST53577631.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.123997927 CEST6235653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.135023117 CEST53623561.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.143624067 CEST5208253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.157249928 CEST53520821.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.171555996 CEST5090153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.440036058 CEST53509011.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.445688963 CEST5612053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.456969023 CEST53561201.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.457983017 CEST5701053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.468709946 CEST53570101.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.469758034 CEST5972053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.505619049 CEST53597201.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.507081985 CEST5769353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.518942118 CEST53576931.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.520112038 CEST5546553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.531543970 CEST53554651.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:16.135868073 CEST5070353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:16.146373034 CEST53507031.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:16.952037096 CEST6410253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:16.983405113 CEST53641021.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:16.984381914 CEST5077953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:17.020791054 CEST53507791.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:17.022042036 CEST5491953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:17.057077885 CEST53549191.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:17.058088064 CEST5307253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:17.067508936 CEST53530721.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:17.068110943 CEST6279353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:17.077383995 CEST53627931.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:17.078013897 CEST5744153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:17.107487917 CEST53574411.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:17.114320993 CEST5298753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:17.149900913 CEST53529871.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:17.950622082 CEST5303853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:17.983875990 CEST53530381.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:17.985048056 CEST5470553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:18.446687937 CEST53547051.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:18.452070951 CEST6382653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:18.487235069 CEST53638261.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:18.488126993 CEST4935453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:19.496006012 CEST4935453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:19.791028023 CEST53493541.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:19.791209936 CEST53493541.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:20.624761105 CEST6459853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:20.657280922 CEST53645981.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:20.658462048 CEST5600753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:20.671979904 CEST53560071.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:20.672786951 CEST6061253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:20.683190107 CEST53606121.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:20.683963060 CEST6418453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:20.720767021 CEST53641841.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:20.729680061 CEST5310453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:20.766282082 CEST53531041.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:21.278990984 CEST6181553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:21.289216995 CEST53618151.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:21.293453932 CEST5719553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:21.329318047 CEST53571951.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:21.330187082 CEST5102353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:21.365353107 CEST53510231.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:21.368097067 CEST5248453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:21.380625963 CEST53524841.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 9, 2024 16:29:21.382061958 CEST5805153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 9, 2024 16:29:21.397382021 CEST53580511.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.384919882 CEST192.168.2.41.1.1.10xf726Standard query (0)forwardbecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.979942083 CEST192.168.2.41.1.1.10xd3b6Standard query (0)degreecompany.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:23.014858961 CEST192.168.2.41.1.1.10xdcb7Standard query (0)forwardcompany.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.082600117 CEST192.168.2.41.1.1.10x99f7Standard query (0)answerfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.094624043 CEST192.168.2.41.1.1.10x6777Standard query (0)glassfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.105887890 CEST192.168.2.41.1.1.10x821fStandard query (0)answercover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.139014006 CEST192.168.2.41.1.1.10x7013Standard query (0)glasscover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.151319981 CEST192.168.2.41.1.1.10x3e31Standard query (0)answerbecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.162302017 CEST192.168.2.41.1.1.10xc17bStandard query (0)glassbecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.173535109 CEST192.168.2.41.1.1.10xc05Standard query (0)answercompany.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.209558964 CEST192.168.2.41.1.1.10xbb97Standard query (0)glasscompany.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.952764034 CEST192.168.2.41.1.1.10xadd6Standard query (0)difficultfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.989763021 CEST192.168.2.41.1.1.10x5a59Standard query (0)heardfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.027842045 CEST192.168.2.41.1.1.10xae1eStandard query (0)difficultcover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.039743900 CEST192.168.2.41.1.1.10xfa39Standard query (0)heardcover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.074039936 CEST192.168.2.41.1.1.10xb25aStandard query (0)difficultbecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.109370947 CEST192.168.2.41.1.1.10x5e4aStandard query (0)heardbecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.121642113 CEST192.168.2.41.1.1.10x973cStandard query (0)difficultcompany.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.133902073 CEST192.168.2.41.1.1.10xf294Standard query (0)heardcompany.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.171716928 CEST192.168.2.41.1.1.10x1795Standard query (0)pleasantfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.204298973 CEST192.168.2.41.1.1.10x6faaStandard query (0)necessaryfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.215955019 CEST192.168.2.41.1.1.10xd8cbStandard query (0)pleasantcover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:26.079288960 CEST192.168.2.41.1.1.10x5aeaStandard query (0)necessarycover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:26.091600895 CEST192.168.2.41.1.1.10x6c1fStandard query (0)pleasantbecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:26.127366066 CEST192.168.2.41.1.1.10xee17Standard query (0)necessarybecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:37.993954897 CEST192.168.2.41.1.1.10x5611Standard query (0)answerneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.006066084 CEST192.168.2.41.1.1.10x89c6Standard query (0)glassneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.017419100 CEST192.168.2.41.1.1.10xc511Standard query (0)answerenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.056036949 CEST192.168.2.41.1.1.10x5f52Standard query (0)glassenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.089124918 CEST192.168.2.41.1.1.10x8259Standard query (0)answergovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.099972010 CEST192.168.2.41.1.1.10x2e6dStandard query (0)glassgovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.110805035 CEST192.168.2.41.1.1.10xd833Standard query (0)difficultnature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.121339083 CEST192.168.2.41.1.1.10x201dStandard query (0)heardnature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.158185959 CEST192.168.2.41.1.1.10x854eStandard query (0)difficultneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.196866989 CEST192.168.2.41.1.1.10x33a5Standard query (0)heardneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.207973003 CEST192.168.2.41.1.1.10x6fddStandard query (0)difficultenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.244837999 CEST192.168.2.41.1.1.10x7857Standard query (0)heardenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.278652906 CEST192.168.2.41.1.1.10xab6cStandard query (0)difficultgovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.315885067 CEST192.168.2.41.1.1.10x9bbfStandard query (0)heardgovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.328418016 CEST192.168.2.41.1.1.10x7397Standard query (0)pleasantnature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.339791059 CEST192.168.2.41.1.1.10xd5d2Standard query (0)necessarynature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.350853920 CEST192.168.2.41.1.1.10xe4b3Standard query (0)pleasantneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.365109921 CEST192.168.2.41.1.1.10xb371Standard query (0)necessaryneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.376214027 CEST192.168.2.41.1.1.10x9f58Standard query (0)pleasantenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.391582012 CEST192.168.2.41.1.1.10xcae8Standard query (0)necessaryenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.430212975 CEST192.168.2.41.1.1.10x3440Standard query (0)pleasantgovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.442250967 CEST192.168.2.41.1.1.10xa5deStandard query (0)necessarygovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.480808020 CEST192.168.2.41.1.1.10xa8a5Standard query (0)ordernature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.491524935 CEST192.168.2.41.1.1.10x454eStandard query (0)requirenature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.537882090 CEST192.168.2.41.1.1.10xf663Standard query (0)orderneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.572726965 CEST192.168.2.41.1.1.10x2d73Standard query (0)requireneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.586481094 CEST192.168.2.41.1.1.10x847fStandard query (0)orderenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.597604036 CEST192.168.2.41.1.1.10x75f7Standard query (0)requireenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.632293940 CEST192.168.2.41.1.1.10x5800Standard query (0)ordergovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.647057056 CEST192.168.2.41.1.1.10xe067Standard query (0)requiregovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.658596039 CEST192.168.2.41.1.1.10xff4Standard query (0)leadernature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.689930916 CEST192.168.2.41.1.1.10x2fc6Standard query (0)heavennature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.701143980 CEST192.168.2.41.1.1.10x32abStandard query (0)leaderneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.733052969 CEST192.168.2.41.1.1.10x1704Standard query (0)heavenneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.745862961 CEST192.168.2.41.1.1.10xe416Standard query (0)leaderenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.756489992 CEST192.168.2.41.1.1.10x8662Standard query (0)heavenenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.792079926 CEST192.168.2.41.1.1.10xe5afStandard query (0)leadergovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.803879976 CEST192.168.2.41.1.1.10x6c1fStandard query (0)heavengovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.814551115 CEST192.168.2.41.1.1.10xafeeStandard query (0)heavynature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.827183962 CEST192.168.2.41.1.1.10xec46Standard query (0)gentlenature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.858237028 CEST192.168.2.41.1.1.10xc077Standard query (0)heavyneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.868393898 CEST192.168.2.41.1.1.10x4e05Standard query (0)gentleneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.900420904 CEST192.168.2.41.1.1.10x9742Standard query (0)heavyenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.912178040 CEST192.168.2.41.1.1.10x90c0Standard query (0)gentleenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.948949099 CEST192.168.2.41.1.1.10x3ceeStandard query (0)heavygovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.991837025 CEST192.168.2.41.1.1.10x695bStandard query (0)gentlegovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.005136013 CEST192.168.2.41.1.1.10x1a2eStandard query (0)variousnature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.038546085 CEST192.168.2.41.1.1.10x50ccStandard query (0)returnnature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.051104069 CEST192.168.2.41.1.1.10xf602Standard query (0)variousneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.806246042 CEST192.168.2.41.1.1.10x70aeStandard query (0)variousenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.817807913 CEST192.168.2.41.1.1.10x7a50Standard query (0)returnenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.831223011 CEST192.168.2.41.1.1.10x36f7Standard query (0)variousgovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.863138914 CEST192.168.2.41.1.1.10xc9bfStandard query (0)returngovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:39.901038885 CEST192.168.2.41.1.1.10xead9Standard query (0)degreefurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:40.078418970 CEST192.168.2.41.1.1.10x9ed0Standard query (0)forwardfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:40.090159893 CEST192.168.2.41.1.1.10xccf5Standard query (0)degreecover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:40.101592064 CEST192.168.2.41.1.1.10x3407Standard query (0)forwardcover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:40.137651920 CEST192.168.2.41.1.1.10x92aStandard query (0)degreebecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:59.993506908 CEST192.168.2.41.1.1.10x99c2Standard query (0)requireneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.004918098 CEST192.168.2.41.1.1.10xb13eStandard query (0)orderenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.015755892 CEST192.168.2.41.1.1.10x84b7Standard query (0)requireenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.027241945 CEST192.168.2.41.1.1.10xf01aStandard query (0)ordergovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.038592100 CEST192.168.2.41.1.1.10xd969Standard query (0)requiregovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.077203989 CEST192.168.2.41.1.1.10xef7aStandard query (0)leadernature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.090075970 CEST192.168.2.41.1.1.10x5b26Standard query (0)heavennature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.129482031 CEST192.168.2.41.1.1.10xfe91Standard query (0)leaderneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.165893078 CEST192.168.2.41.1.1.10xd4edStandard query (0)heavenneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.176935911 CEST192.168.2.41.1.1.10x6fbaStandard query (0)leaderenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.210042953 CEST192.168.2.41.1.1.10xaccaStandard query (0)heavenenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.221658945 CEST192.168.2.41.1.1.10x9d78Standard query (0)leadergovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.256648064 CEST192.168.2.41.1.1.10x61e8Standard query (0)heavengovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.268263102 CEST192.168.2.41.1.1.10x1d40Standard query (0)heavynature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.300503016 CEST192.168.2.41.1.1.10x593eStandard query (0)gentlenature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.342367887 CEST192.168.2.41.1.1.10x1c06Standard query (0)heavyneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.378211021 CEST192.168.2.41.1.1.10x6eddStandard query (0)gentleneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.390578032 CEST192.168.2.41.1.1.10xce54Standard query (0)heavyenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.425767899 CEST192.168.2.41.1.1.10x38b2Standard query (0)gentleenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.440681934 CEST192.168.2.41.1.1.10x1762Standard query (0)heavygovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.603914976 CEST192.168.2.41.1.1.10x3644Standard query (0)gentlegovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.616687059 CEST192.168.2.41.1.1.10x48f3Standard query (0)variousnature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.651870012 CEST192.168.2.41.1.1.10x68b9Standard query (0)returnnature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.664299965 CEST192.168.2.41.1.1.10x7603Standard query (0)variousneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.406511068 CEST192.168.2.41.1.1.10x946Standard query (0)variousenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.418373108 CEST192.168.2.41.1.1.10xb499Standard query (0)returnenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.432106972 CEST192.168.2.41.1.1.10x7e04Standard query (0)variousgovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.442657948 CEST192.168.2.41.1.1.10x5bbcStandard query (0)returngovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.482920885 CEST192.168.2.41.1.1.10x6cccStandard query (0)degreefurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.494978905 CEST192.168.2.41.1.1.10xebeeStandard query (0)forwardfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.532474995 CEST192.168.2.41.1.1.10x41e9Standard query (0)degreecover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.553025961 CEST192.168.2.41.1.1.10x8d31Standard query (0)forwardcover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.585407019 CEST192.168.2.41.1.1.10xdda4Standard query (0)degreebecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.626166105 CEST192.168.2.41.1.1.10x25eaStandard query (0)forwardbecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.639326096 CEST192.168.2.41.1.1.10x531dStandard query (0)degreecompany.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.390908957 CEST192.168.2.41.1.1.10x9100Standard query (0)answerfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.403575897 CEST192.168.2.41.1.1.10xf3d2Standard query (0)glassfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.418628931 CEST192.168.2.41.1.1.10x164aStandard query (0)answercover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.430529118 CEST192.168.2.41.1.1.10x2343Standard query (0)glasscover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.442358017 CEST192.168.2.41.1.1.10x278fStandard query (0)answerbecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.454374075 CEST192.168.2.41.1.1.10x88bbStandard query (0)glassbecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.494996071 CEST192.168.2.41.1.1.10xbdd2Standard query (0)answercompany.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.005268097 CEST192.168.2.41.1.1.10xda8cStandard query (0)difficultfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.016858101 CEST192.168.2.41.1.1.10x9925Standard query (0)heardfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.049423933 CEST192.168.2.41.1.1.10xa4b9Standard query (0)difficultcover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.084852934 CEST192.168.2.41.1.1.10xfb4aStandard query (0)heardcover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.423418999 CEST192.168.2.41.1.1.10x99Standard query (0)difficultbecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.435570002 CEST192.168.2.41.1.1.10x29c6Standard query (0)heardbecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.469778061 CEST192.168.2.41.1.1.10xceeaStandard query (0)difficultcompany.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.500888109 CEST192.168.2.41.1.1.10x1df1Standard query (0)heardcompany.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.511197090 CEST192.168.2.41.1.1.10x8949Standard query (0)pleasantfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.523446083 CEST192.168.2.41.1.1.10x1d9dStandard query (0)necessaryfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.022674084 CEST192.168.2.41.1.1.10xdaabStandard query (0)necessarycover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.066606045 CEST192.168.2.41.1.1.10x392cStandard query (0)pleasantbecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.095402956 CEST192.168.2.41.1.1.10xc621Standard query (0)necessarybecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.123997927 CEST192.168.2.41.1.1.10x6197Standard query (0)pleasantcompany.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.143624067 CEST192.168.2.41.1.1.10x3ae0Standard query (0)necessarycompany.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.171555996 CEST192.168.2.41.1.1.10x656cStandard query (0)orderfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.445688963 CEST192.168.2.41.1.1.10x8b2aStandard query (0)requirefurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.457983017 CEST192.168.2.41.1.1.10x49fdStandard query (0)ordercover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.469758034 CEST192.168.2.41.1.1.10xd4d7Standard query (0)requirecover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.507081985 CEST192.168.2.41.1.1.10xcca0Standard query (0)orderbecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.520112038 CEST192.168.2.41.1.1.10x16e8Standard query (0)requirebecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.740633965 CEST192.168.2.41.1.1.10xa57fStandard query (0)requirecompany.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.751374006 CEST192.168.2.41.1.1.10x23beStandard query (0)leaderfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.763233900 CEST192.168.2.41.1.1.10xbffbStandard query (0)heavenfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.774877071 CEST192.168.2.41.1.1.10x62a1Standard query (0)leadercover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.785741091 CEST192.168.2.41.1.1.10xc181Standard query (0)heavencover.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.819062948 CEST192.168.2.41.1.1.10xccc7Standard query (0)leaderbecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.829627037 CEST192.168.2.41.1.1.10x46b8Standard query (0)heavenbecome.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:05.863675117 CEST192.168.2.41.1.1.10xd77cStandard query (0)leadercompany.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:06.838347912 CEST192.168.2.41.1.1.10x757Standard query (0)heavencompany.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:06.849705935 CEST192.168.2.41.1.1.10xf855Standard query (0)heavyfurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:06.887917995 CEST192.168.2.41.1.1.10x21a7Standard query (0)gentlefurther.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:11.400937080 CEST192.168.2.41.1.1.10x2853Standard query (0)leadernature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:11.413108110 CEST192.168.2.41.1.1.10x59deStandard query (0)heavennature.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:11.424807072 CEST192.168.2.41.1.1.10x76e5Standard query (0)leaderneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:11.445004940 CEST192.168.2.41.1.1.10x1796Standard query (0)heavenneedle.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:11.468688965 CEST192.168.2.41.1.1.10x2b0eStandard query (0)leaderenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:11.482681036 CEST192.168.2.41.1.1.10x9126Standard query (0)heavenenough.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:11.517842054 CEST192.168.2.41.1.1.10x40dcStandard query (0)leadergovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:11.552419901 CEST192.168.2.41.1.1.10x61ebStandard query (0)heavengovern.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:11.565327883 CEST192.168.2.41.1.1.10x17c7Standard query (0)heavynature.netA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.856390953 CEST1.1.1.1192.168.2.40x9c58Name error (3)heavengovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.867223978 CEST1.1.1.1192.168.2.40xe8b4Name error (3)heavynature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.879070044 CEST1.1.1.1192.168.2.40xf5b6Name error (3)gentlenature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.889914989 CEST1.1.1.1192.168.2.40xba3Name error (3)heavyneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.900331020 CEST1.1.1.1192.168.2.40xcb4Name error (3)gentleneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.910808086 CEST1.1.1.1192.168.2.40xd8f9Name error (3)heavyenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.944013119 CEST1.1.1.1192.168.2.40x677dName error (3)gentleenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.955724955 CEST1.1.1.1192.168.2.40xed1Name error (3)heavygovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:20.966531992 CEST1.1.1.1192.168.2.40xcf0bName error (3)gentlegovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:21.003036022 CEST1.1.1.1192.168.2.40xd830Name error (3)variousnature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:21.014677048 CEST1.1.1.1192.168.2.40x5735Name error (3)returnnature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:21.027364016 CEST1.1.1.1192.168.2.40x9ce5Name error (3)variousneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:21.334398985 CEST1.1.1.1192.168.2.40x7d88No error (0)returnneedle.net54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.088501930 CEST1.1.1.1192.168.2.40xd73aName error (3)variousenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.205935001 CEST1.1.1.1192.168.2.40xfda2Name error (3)returnenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.249794960 CEST1.1.1.1192.168.2.40xfd08Name error (3)variousgovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.287610054 CEST1.1.1.1192.168.2.40x4ce6Name error (3)returngovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.335561037 CEST1.1.1.1192.168.2.40xc710Name error (3)degreefurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.349267960 CEST1.1.1.1192.168.2.40x3b74Name error (3)forwardfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.361551046 CEST1.1.1.1192.168.2.40xdda8Name error (3)degreecover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.372050047 CEST1.1.1.1192.168.2.40xdeebName error (3)forwardcover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:22.384140968 CEST1.1.1.1192.168.2.40x102cName error (3)degreebecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:23.013911009 CEST1.1.1.1192.168.2.40xd3b6Name error (3)degreecompany.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:23.316359043 CEST1.1.1.1192.168.2.40xdcb7No error (0)forwardcompany.net34.218.204.173A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.093738079 CEST1.1.1.1192.168.2.40x99f7Name error (3)answerfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.105087996 CEST1.1.1.1192.168.2.40x6777Name error (3)glassfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.138032913 CEST1.1.1.1192.168.2.40x821fName error (3)answercover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.150547981 CEST1.1.1.1192.168.2.40x7013Name error (3)glasscover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.161535978 CEST1.1.1.1192.168.2.40x3e31Name error (3)answerbecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.172763109 CEST1.1.1.1192.168.2.40xc17bName error (3)glassbecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.208744049 CEST1.1.1.1192.168.2.40xc05Name error (3)answercompany.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.458004951 CEST1.1.1.1192.168.2.40xbb97No error (0)glasscompany.nettraff-1.hugedomains.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.458004951 CEST1.1.1.1192.168.2.40xbb97No error (0)traff-1.hugedomains.comhdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.458004951 CEST1.1.1.1192.168.2.40xbb97No error (0)hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com52.71.57.184A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.458004951 CEST1.1.1.1192.168.2.40xbb97No error (0)hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com54.209.32.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:24.988768101 CEST1.1.1.1192.168.2.40xadd6Name error (3)difficultfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.026707888 CEST1.1.1.1192.168.2.40x5a59Name error (3)heardfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.038799047 CEST1.1.1.1192.168.2.40xae1eName error (3)difficultcover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.072815895 CEST1.1.1.1192.168.2.40xfa39Name error (3)heardcover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.108537912 CEST1.1.1.1192.168.2.40xb25aName error (3)difficultbecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.120690107 CEST1.1.1.1192.168.2.40x5e4aName error (3)heardbecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.132929087 CEST1.1.1.1192.168.2.40x973cName error (3)difficultcompany.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.170883894 CEST1.1.1.1192.168.2.40xf294Name error (3)heardcompany.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.203480959 CEST1.1.1.1192.168.2.40x1795Name error (3)pleasantfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.215326071 CEST1.1.1.1192.168.2.40x6faaName error (3)necessaryfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.585125923 CEST1.1.1.1192.168.2.40xd8cbNo error (0)pleasantcover.net7450.bodis.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:25.585125923 CEST1.1.1.1192.168.2.40xd8cbNo error (0)7450.bodis.com199.59.243.227A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:26.090936899 CEST1.1.1.1192.168.2.40x5aeaName error (3)necessarycover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:26.126622915 CEST1.1.1.1192.168.2.40x6c1fName error (3)pleasantbecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:27:26.286885977 CEST1.1.1.1192.168.2.40xee17Name error (3)necessarybecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.004633904 CEST1.1.1.1192.168.2.40x5611Name error (3)answerneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.016480923 CEST1.1.1.1192.168.2.40x89c6Name error (3)glassneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.055171967 CEST1.1.1.1192.168.2.40xc511Name error (3)answerenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.088315010 CEST1.1.1.1192.168.2.40x5f52Name error (3)glassenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.098994017 CEST1.1.1.1192.168.2.40x8259Name error (3)answergovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.110034943 CEST1.1.1.1192.168.2.40x2e6dName error (3)glassgovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.120608091 CEST1.1.1.1192.168.2.40xd833Name error (3)difficultnature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.157426119 CEST1.1.1.1192.168.2.40x201dName error (3)heardnature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.190680027 CEST1.1.1.1192.168.2.40x854eName error (3)difficultneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.207247972 CEST1.1.1.1192.168.2.40x33a5Name error (3)heardneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.244110107 CEST1.1.1.1192.168.2.40x6fddName error (3)difficultenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.277769089 CEST1.1.1.1192.168.2.40x7857Name error (3)heardenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.314943075 CEST1.1.1.1192.168.2.40xab6cName error (3)difficultgovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.327742100 CEST1.1.1.1192.168.2.40x9bbfName error (3)heardgovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.338877916 CEST1.1.1.1192.168.2.40x7397Name error (3)pleasantnature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.350084066 CEST1.1.1.1192.168.2.40xd5d2Name error (3)necessarynature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.363928080 CEST1.1.1.1192.168.2.40xe4b3Name error (3)pleasantneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.375638008 CEST1.1.1.1192.168.2.40xb371Name error (3)necessaryneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.387729883 CEST1.1.1.1192.168.2.40x9f58Name error (3)pleasantenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.429469109 CEST1.1.1.1192.168.2.40xcae8Name error (3)necessaryenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.441629887 CEST1.1.1.1192.168.2.40x3440Name error (3)pleasantgovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.480144024 CEST1.1.1.1192.168.2.40xa5deName error (3)necessarygovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.491015911 CEST1.1.1.1192.168.2.40xa8a5Name error (3)ordernature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.537239075 CEST1.1.1.1192.168.2.40x454eName error (3)requirenature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.571970940 CEST1.1.1.1192.168.2.40xf663Name error (3)orderneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.585814953 CEST1.1.1.1192.168.2.40x2d73Name error (3)requireneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.597059965 CEST1.1.1.1192.168.2.40x847fName error (3)orderenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.628814936 CEST1.1.1.1192.168.2.40x75f7Name error (3)requireenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.643729925 CEST1.1.1.1192.168.2.40x5800Name error (3)ordergovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.657965899 CEST1.1.1.1192.168.2.40xe067Name error (3)requiregovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.689198017 CEST1.1.1.1192.168.2.40xff4Name error (3)leadernature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.700522900 CEST1.1.1.1192.168.2.40x2fc6Name error (3)heavennature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.732482910 CEST1.1.1.1192.168.2.40x32abName error (3)leaderneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:38.745174885 CEST1.1.1.1192.168.2.40x1704Name error (3)heavenneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.167140007 CEST1.1.1.1192.168.2.40x6d55Name error (3)answercompany.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.646266937 CEST1.1.1.1192.168.2.40xcb8eName error (3)difficultfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.679728031 CEST1.1.1.1192.168.2.40x2708Name error (3)heardfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.852741957 CEST1.1.1.1192.168.2.40xd2f5Name error (3)difficultcover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.868295908 CEST1.1.1.1192.168.2.40x6b1aName error (3)heardcover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.879282951 CEST1.1.1.1192.168.2.40x8b9bName error (3)difficultbecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.890888929 CEST1.1.1.1192.168.2.40x1e2cName error (3)heardbecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.904325008 CEST1.1.1.1192.168.2.40x7Name error (3)difficultcompany.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:52.918318987 CEST1.1.1.1192.168.2.40xf2b3Name error (3)heardcompany.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.079493999 CEST1.1.1.1192.168.2.40x67ceName error (3)pleasantfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.119944096 CEST1.1.1.1192.168.2.40xa48aName error (3)necessaryfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.634460926 CEST1.1.1.1192.168.2.40xfedfName error (3)necessarycover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.807913065 CEST1.1.1.1192.168.2.40xe65Name error (3)pleasantbecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.848771095 CEST1.1.1.1192.168.2.40x8355Name error (3)necessarybecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.863404989 CEST1.1.1.1192.168.2.40x7220Name error (3)pleasantcompany.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.874034882 CEST1.1.1.1192.168.2.40xc63fName error (3)necessarycompany.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.886977911 CEST1.1.1.1192.168.2.40xebbeName error (3)orderfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.920269966 CEST1.1.1.1192.168.2.40x9b74Name error (3)requirefurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.932507038 CEST1.1.1.1192.168.2.40x4019Name error (3)ordercover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.966643095 CEST1.1.1.1192.168.2.40xc3a5Name error (3)requirecover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:53.982570887 CEST1.1.1.1192.168.2.40x15a3Name error (3)orderbecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:54.020387888 CEST1.1.1.1192.168.2.40x7d44Name error (3)requirebecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:54.546838999 CEST1.1.1.1192.168.2.40x2373No error (0)ordercompany.net210.157.78.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:55.402309895 CEST1.1.1.1192.168.2.40xe612Name error (3)requirecompany.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:59.911128998 CEST1.1.1.1192.168.2.40x6b85Name error (3)necessaryenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:59.923584938 CEST1.1.1.1192.168.2.40x129fName error (3)pleasantgovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:59.935820103 CEST1.1.1.1192.168.2.40xd84fName error (3)necessarygovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:59.947812080 CEST1.1.1.1192.168.2.40xa8afName error (3)ordernature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:59.958518028 CEST1.1.1.1192.168.2.40x7416Name error (3)requirenature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:28:59.992185116 CEST1.1.1.1192.168.2.40xa6f4Name error (3)orderneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.003770113 CEST1.1.1.1192.168.2.40x99c2Name error (3)requireneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.014816046 CEST1.1.1.1192.168.2.40xb13eName error (3)orderenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.026364088 CEST1.1.1.1192.168.2.40x84b7Name error (3)requireenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.037784100 CEST1.1.1.1192.168.2.40xf01aName error (3)ordergovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.076275110 CEST1.1.1.1192.168.2.40xd969Name error (3)requiregovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.089154005 CEST1.1.1.1192.168.2.40xef7aName error (3)leadernature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.125044107 CEST1.1.1.1192.168.2.40x5b26Name error (3)heavennature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.164529085 CEST1.1.1.1192.168.2.40xfe91Name error (3)leaderneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.176084042 CEST1.1.1.1192.168.2.40xd4edName error (3)heavenneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.208859921 CEST1.1.1.1192.168.2.40x6fbaName error (3)leaderenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.220822096 CEST1.1.1.1192.168.2.40xaccaName error (3)heavenenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.255624056 CEST1.1.1.1192.168.2.40x9d78Name error (3)leadergovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.267288923 CEST1.1.1.1192.168.2.40x61e8Name error (3)heavengovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.299108028 CEST1.1.1.1192.168.2.40x1d40Name error (3)heavynature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.331990004 CEST1.1.1.1192.168.2.40x593eName error (3)gentlenature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.377178907 CEST1.1.1.1192.168.2.40x1c06Name error (3)heavyneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.389302015 CEST1.1.1.1192.168.2.40x6eddName error (3)gentleneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.424264908 CEST1.1.1.1192.168.2.40xce54Name error (3)heavyenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.437735081 CEST1.1.1.1192.168.2.40x38b2Name error (3)gentleenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.599642992 CEST1.1.1.1192.168.2.40x1762Name error (3)heavygovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.615637064 CEST1.1.1.1192.168.2.40x3644Name error (3)gentlegovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.650736094 CEST1.1.1.1192.168.2.40x48f3Name error (3)variousnature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.663043022 CEST1.1.1.1192.168.2.40x68b9Name error (3)returnnature.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:00.676719904 CEST1.1.1.1192.168.2.40x7603Name error (3)variousneedle.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.417331934 CEST1.1.1.1192.168.2.40x946Name error (3)variousenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.431292057 CEST1.1.1.1192.168.2.40xb499Name error (3)returnenough.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.441975117 CEST1.1.1.1192.168.2.40x7e04Name error (3)variousgovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.481990099 CEST1.1.1.1192.168.2.40x5bbcName error (3)returngovern.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.494277954 CEST1.1.1.1192.168.2.40x6cccName error (3)degreefurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.531297922 CEST1.1.1.1192.168.2.40xebeeName error (3)forwardfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.547818899 CEST1.1.1.1192.168.2.40x41e9Name error (3)degreecover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.584518909 CEST1.1.1.1192.168.2.40x8d31Name error (3)forwardcover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.625305891 CEST1.1.1.1192.168.2.40xdda4Name error (3)degreebecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.638153076 CEST1.1.1.1192.168.2.40x25eaName error (3)forwardbecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:01.651551962 CEST1.1.1.1192.168.2.40x531dName error (3)degreecompany.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.402667999 CEST1.1.1.1192.168.2.40x9100Name error (3)answerfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.417562962 CEST1.1.1.1192.168.2.40xf3d2Name error (3)glassfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.429759026 CEST1.1.1.1192.168.2.40x164aName error (3)answercover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.441572905 CEST1.1.1.1192.168.2.40x2343Name error (3)glasscover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.453607082 CEST1.1.1.1192.168.2.40x278fName error (3)answerbecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.493717909 CEST1.1.1.1192.168.2.40x88bbName error (3)glassbecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:02.529685974 CEST1.1.1.1192.168.2.40xbdd2Name error (3)answercompany.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.015990973 CEST1.1.1.1192.168.2.40xda8cName error (3)difficultfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.048245907 CEST1.1.1.1192.168.2.40x9925Name error (3)heardfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.083533049 CEST1.1.1.1192.168.2.40xa4b9Name error (3)difficultcover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.416898012 CEST1.1.1.1192.168.2.40xfb4aName error (3)heardcover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.434756994 CEST1.1.1.1192.168.2.40x99Name error (3)difficultbecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.468475103 CEST1.1.1.1192.168.2.40x29c6Name error (3)heardbecome.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.499856949 CEST1.1.1.1192.168.2.40xceeaName error (3)difficultcompany.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.510364056 CEST1.1.1.1192.168.2.40x1df1Name error (3)heardcompany.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.522382975 CEST1.1.1.1192.168.2.40x8949Name error (3)pleasantfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:03.533900976 CEST1.1.1.1192.168.2.40x1d9dName error (3)necessaryfurther.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.056524992 CEST1.1.1.1192.168.2.40xdaabName error (3)necessarycover.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 9, 2024 16:29:04.077851057 CEST1.1.1.1192.168.2.40x392cName error (3)pleasantbecome.netnonenoneA (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 54.244.188.177 | 80 | 5772 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:27:21.342403889 CEST | 83 | OUT | GET /index.php HTTP/1.0
Accept: */*
Connection: close
Host: returnneedle.net
Oct 9, 2024 16:27:22.072129965 CEST | 381 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Oct 2024 14:27:21 GMT
Content-Type: text/html
Connection: close
Set-Cookie: btst=d78b988f142ee5ab6135ce5b8974f1fd|8.46.123.33|1728484041|1728484041|0|1|0; path=/; domain=.returnneedle.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 50245 | 34.218.204.173 | 80 | 5772 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:27:23.323750019 CEST | 85 | OUT | GET /index.php HTTP/1.0
Accept: */*
Connection: close
Host: forwardcompany.net
Oct 9, 2024 16:27:24.080430031 CEST | 383 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Oct 2024 14:27:23 GMT
Content-Type: text/html
Connection: close
Set-Cookie: btst=8d9da7e0de57ab8f873a815d57227884|8.46.123.33|1728484043|1728484043|0|1|0; path=/; domain=.forwardcompany.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 50246 | 52.71.57.184 | 80 | 5772 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:27:24.464997053 CEST | 83 | OUT | GET /index.php HTTP/1.0
Accept: */*
Connection: close
Host: glasscompany.net
Oct 9, 2024 16:27:24.951749086 CEST | 174 | IN | HTTP/1.1 302 Found
content-length: 0
date: Wed, 09 Oct 2024 14:27:23 GMT
location: https://www.hugedomains.com/domain_profile.cfm?d=glasscompany.net
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 50247 | 199.59.243.227 | 80 | 5772 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:27:25.591036081 CEST | 84 | OUT | GET /index.php HTTP/1.0
Accept: */*
Connection: close
Host: pleasantcover.net
Oct 9, 2024 16:27:26.078423023 CEST | 1236 | IN | HTTP/1.1 200 OK
date: Wed, 09 Oct 2024 14:27:25 GMT
content-type: text/html; charset=utf-8
content-length: 1062
x-request-id: 0bb013c6-be87-4a17-9bdc-7f768ecd0878
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_xEp6L8+31RoRHrUkSlSqRyKFAGFxxdZZmxezQ1LEDS3SNX8/Eq4hmikUS494oRTcvsdLCiEs445+uASuG8K+aA==
set-cookie: parking_session=0bb013c6-be87-4a17-9bdc-7f768ecd0878; expires=Wed, 09 Oct 2024 14:42:26 GMT; path=/
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 50397 | 54.244.188.177 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:28:39.068682909 CEST | 83 | OUT | GET /index.php HTTP/1.0
Accept: */*
Connection: close
Host: returnneedle.net
Oct 9, 2024 16:28:39.802243948 CEST | 381 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Oct 2024 14:28:39 GMT
Content-Type: text/html
Connection: close
Set-Cookie: btst=dd2e1ec173bf147e97ccceaecffc8eef|8.46.123.33|1728484119|1728484119|0|1|0; path=/; domain=.returnneedle.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 50404 | 34.218.204.173 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:28:40.202727079 CEST | 85 | OUT | GET /index.php HTTP/1.0
Accept: */*
Connection: close
Host: forwardcompany.net
Oct 9, 2024 16:28:41.879479885 CEST | 383 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Oct 2024 14:28:40 GMT
Content-Type: text/html
Connection: close
Set-Cookie: btst=af20e31b64793da01024887626ba13ca|8.46.123.33|1728484120|1728484120|0|1|0; path=/; domain=.forwardcompany.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Oct 9, 2024 16:28:41.879776001 CEST | 383 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Oct 2024 14:28:40 GMT
Content-Type: text/html
Connection: close
Set-Cookie: btst=af20e31b64793da01024887626ba13ca|8.46.123.33|1728484120|1728484120|0|1|0; path=/; domain=.forwardcompany.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Oct 9, 2024 16:28:41.880465031 CEST | 383 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Oct 2024 14:28:40 GMT
Content-Type: text/html
Connection: close
Set-Cookie: btst=af20e31b64793da01024887626ba13ca|8.46.123.33|1728484120|1728484120|0|1|0; path=/; domain=.forwardcompany.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 50414 | 54.209.32.212 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:28:42.253575087 CEST | 83 | OUT | GET /index.php HTTP/1.0
Accept: */*
Connection: close
Host: glasscompany.net
Oct 9, 2024 16:28:42.731489897 CEST | 174 | IN | HTTP/1.1 302 Found
content-length: 0
date: Wed, 09 Oct 2024 14:28:42 GMT
location: https://www.hugedomains.com/domain_profile.cfm?d=glasscompany.net
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 50418 | 199.59.243.227 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:28:42.938688040 CEST | 84 | OUT | GET /index.php HTTP/1.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Host: pleasantcover.net
Oct 9, 2024 16:28:43.444996119 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              date: Wed, 09 Oct 2024 14:28:42 GMT
                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                              content-length: 1062
                                                                                                                                                                                                              x-request-id: 886074a5-5f55-4ec5-961e-d595f2f538c7
                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_xEp6L8+31RoRHrUkSlSqRyKFAGFxxdZZmxezQ1LEDS3SNX8/Eq4hmikUS494oRTcvsdLCiEs445+uASuG8K+aA==
                                                                                                                                                                                                              set-cookie: parking_session=886074a5-5f55-4ec5-961e-d595f2f538c7; expires=Wed, 09 Oct 2024 14:43:43 GMT; path=/
                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_xEp6L8+31RoRHrUkSlSqRyKFAGFxxdZZmxezQ1LEDS3SNX8/Eq4hmikUS494oRTcvsdLCiEs445+uASuG8K+aA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 9, 2024 16:28:43.445487976 CEST | 224 | IN
                                                                                                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiODg2MDc0YTUtNWY1NS00ZWM1LTk2MWUtZDU5NWYyZjUzOGM3IiwicGFnZV9
Oct 9, 2024 16:28:43.445521116 CEST | 291 | IN
                                                                                                                                                                                                              Data Ascii: 0aW1lIjoxNzI4NDg0MTIzLCJwYWdlX3VybCI6Imh0dHA6Ly9wbGVhc2FudGNvdmVyLm5ldC9pbmRleC5waHAiLCJwYWdlX21ldGhvZCI6IkdFVCIsInBhZ2VfcmVxdWVzdCI6e30sInBhZ2VfaGVhZGVycyI6e30sImhvc3QiOiJwbGVhc2FudGNvdmVyLm5ldCIsImlwIjoiOC40Ni4xMjMuMzMifQo=";</script><scrip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 50458 | 54.244.188.177 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:28:50.186424017 CEST | 83 | OUT | GET /index.php HTTP/1.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Host: returnneedle.net
Oct 9, 2024 16:28:50.925986052 CEST | 381 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 14:28:50 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Set-Cookie: btst=c917e3e4879d865df4b2a86c80e51da4|8.46.123.33|1728484130|1728484130|0|1|0; path=/; domain=.returnneedle.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 50467 | 34.218.204.173 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:28:51.297095060 CEST | 85 | OUT | GET /index.php HTTP/1.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Host: forwardcompany.net
Oct 9, 2024 16:28:52.056229115 CEST | 383 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 14:28:51 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Set-Cookie: btst=a6991c9bfe95f84e3e395065c6021daf|8.46.123.33|1728484131|1728484131|0|1|0; path=/; domain=.forwardcompany.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 50473 | 54.209.32.212 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:28:52.172791004 CEST | 83 | OUT | GET /index.php HTTP/1.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Host: glasscompany.net
Oct 9, 2024 16:28:52.632476091 CEST | 174 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                              content-length: 0
                                                                                                                                                                                                              date: Wed, 09 Oct 2024 14:28:52 GMT
                                                                                                                                                                                                              location: https://www.hugedomains.com/domain_profile.cfm?d=glasscompany.net
                                                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 50480 | 199.59.243.227 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:28:53.127873898 CEST | 84 | OUT | GET /index.php HTTP/1.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Host: pleasantcover.net
Oct 9, 2024 16:28:53.593441963 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              date: Wed, 09 Oct 2024 14:28:52 GMT
                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                              content-length: 1062
                                                                                                                                                                                                              x-request-id: aadb4684-5a97-4937-998a-8e2fec57fc5e
                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_xEp6L8+31RoRHrUkSlSqRyKFAGFxxdZZmxezQ1LEDS3SNX8/Eq4hmikUS494oRTcvsdLCiEs445+uASuG8K+aA==
                                                                                                                                                                                                              set-cookie: parking_session=aadb4684-5a97-4937-998a-8e2fec57fc5e; expires=Wed, 09 Oct 2024 14:43:53 GMT; path=/
                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_xEp6L8+31RoRHrUkSlSqRyKFAGFxxdZZmxezQ1LEDS3SNX8/Eq4hmikUS494oRTcvsdLCiEs445+uASuG8K+aA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 9, 2024 16:28:53.593458891 CEST | 515 | IN
                                                                                                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYWFkYjQ2ODQtNWE5Ny00OTM3LTk5OGEtOGUyZmVjNTdmYzVlIiwicGFnZV90aW1lIjoxNzI4NDg0MT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 50487 | 210.157.78.4 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:28:54.560416937 CEST | 83 | OUT | GET /index.php HTTP/1.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Host: ordercompany.net
Oct 9, 2024 16:28:55.363424063 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 14:28:55 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 2814
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                              Last-Modified: Thu, 22 Apr 2021 10:24:00 GMT
                                                                                                                                                                                                              ETag: "afe-5c08d13eb1b03"
                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html lang="ja"><head><meta charset="EUC-JP" /><title>404 File Not Found</title><meta name="copyright" content="Copyright XSERVER Inc."><meta name="robots" content="INDEX,FOLLOW" /><meta name="viewport" content="width=device-width,initial-scale=1.0,minimum-scale=1.0"><style type="text/css">* { margin: 0; padding: 0;}img { border: 0;}ul { padding-left: 2em;}html { overflow-y: scroll; background: #3b79b7;}body { font-family: "", Meiryo, " ", "MS PGothic", " Pro W3", "Hiragino Kaku Gothic Pro", sans-serif; margin: 0; line-height: 1.4; font-size: 75%; text-align: center; color: white;}h1 { font-size: 24px; font-weight: bold;}h1 { font-weight: bold; line-height: 1; padding-bottom: 20px; font-family: Helvetica, sans-serif;}h2 { text-align: center; font-weight: bold; font-size: 27px;}p { text-align: center; font-size: 14px;
                                                                                                                                                                                                              Oct 9, 2024 16:28:55.363487005 CEST1236INData Raw: 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 7d 0a 2e 65 78 70 6c 61 69 6e 20 7b 0a 20 20 20 20 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73
                                                                                                                                                                                                              Data Ascii: margin: 0; padding: 0; color: white;}.explain { border-top: 1px solid #fff; border-bottom: 1px solid #fff; line-height: 1.5; margin: 30px auto; padding: 17px;}#cause { text-align: left;}#cause li {
                                                                                                                                                                                                              Oct 9, 2024 16:28:55.363524914 CEST582INData Raw: 64 69 76 20 69 64 3d 22 62 61 73 65 22 3e 0a 20 20 20 20 3c 68 31 3e 3c 73 70 61 6e 3e 34 30 34 3c 2f 73 70 61 6e 3e 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 46 69 6c 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 20 20 20 3c 68 32 3e
                                                                                                                                                                                                              Data Ascii: div id="base"> <h1><span>404</span><br /> File Not Found</h1> <h2></h2> <p class="explain"></p> <h3>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 50523 | 54.244.188.177 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:29:00.683763027 CEST | 83 | OUT | GET /index.php HTTP/1.0
Accept: */*
Connection: close
Host: returnneedle.net
Oct 9, 2024 16:29:01.401902914 CEST | 381 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 14:29:01 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Set-Cookie: btst=9c3b03fc0abfc25a52607afbdd35a5b1|8.46.123.33|1728484141|1728484141|0|1|0; path=/; domain=.returnneedle.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 50529 | 34.218.204.173 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:29:01.663429022 CEST | 85 | OUT | GET /index.php HTTP/1.0
Accept: */*
Connection: close
Host: forwardcompany.net
Oct 9, 2024 16:29:02.385793924 CEST | 383 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 14:29:02 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Set-Cookie: btst=46344f8a4c8177f0b3c8024c0c47808f|8.46.123.33|1728484142|1728484142|0|1|0; path=/; domain=.forwardcompany.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 50531 | 54.209.32.212 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:29:02.539334059 CEST | 83 | OUT | GET /index.php HTTP/1.0
Accept: */*
Connection: close
Host: glasscompany.net
Oct 9, 2024 16:29:03.000838041 CEST | 174 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                              content-length: 0
                                                                                                                                                                                                              date: Wed, 09 Oct 2024 14:29:02 GMT
                                                                                                                                                                                                              location: https://www.hugedomains.com/domain_profile.cfm?d=glasscompany.net
                                                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 50532 | 199.59.243.227 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:29:03.540185928 CEST | 84 | OUT | GET /index.php HTTP/1.0
Accept: */*
Connection: close
Host: pleasantcover.net
Oct 9, 2024 16:29:04.018954039 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              date: Wed, 09 Oct 2024 14:29:03 GMT
                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                              content-length: 1062
                                                                                                                                                                                                              x-request-id: 896e84bd-d053-4ddb-aa45-22cdb253381a
                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_xEp6L8+31RoRHrUkSlSqRyKFAGFxxdZZmxezQ1LEDS3SNX8/Eq4hmikUS494oRTcvsdLCiEs445+uASuG8K+aA==
                                                                                                                                                                                                              set-cookie: parking_session=896e84bd-d053-4ddb-aa45-22cdb253381a; expires=Wed, 09 Oct 2024 14:44:03 GMT; path=/
                                                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 50533 | 210.157.78.4 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:29:04.537552118 CEST | 83 | OUT | GET /index.php HTTP/1.0
Accept: */*
Connection: close
Host: ordercompany.net
Oct 9, 2024 16:29:05.731906891 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 14:29:05 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 2814
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                              Last-Modified: Thu, 22 Apr 2021 10:24:00 GMT
                                                                                                                                                                                                              ETag: "afe-5c08d13eb1b03"
Oct 9, 2024 16:29:05.733041048 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 14:29:05 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 2814
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                              Last-Modified: Thu, 22 Apr 2021 10:24:00 GMT
                                                                                                                                                                                                              ETag: "afe-5c08d13eb1b03"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 50534 | 185.111.247.38 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:29:06.004967928 CEST | 84 | OUT | GET /index.php HTTP/1.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Host: leadercompany.net
Oct 9, 2024 16:29:06.833544016 CEST | 213 | IN | HTTP/1.0 301 Moved Permanently
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                                                              x-redirect-by: WordPress
                                                                                                                                                                                                              location: https://leadercompany.net/
                                                                                                                                                                                                              content-length: 0
                                                                                                                                                                                                              date: Wed, 09 Oct 2024 14:29:05 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 50535 | 54.244.188.177 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:29:12.085675001 CEST | 83 | OUT | GET /index.php HTTP/1.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Host: returnneedle.net
Oct 9, 2024 16:29:13.040664911 CEST | 381 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 14:29:12 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Set-Cookie: btst=4b8a28bf23da9cd64a7dd8661ad1cfbc|8.46.123.33|1728484152|1728484152|0|1|0; path=/; domain=.returnneedle.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 50536 | 34.218.204.173 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:29:13.235224962 CEST | 85 | OUT | GET /index.php HTTP/1.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Host: forwardcompany.net
Oct 9, 2024 16:29:13.986573935 CEST | 383 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 14:29:13 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Set-Cookie: btst=e7f7d3d49b7a037bb412b8586ad653de|8.46.123.33|1728484153|1728484153|0|1|0; path=/; domain=.forwardcompany.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 50537 | 54.209.32.212 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:29:14.127835035 CEST | 83 | OUT | GET /index.php HTTP/1.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Host: glasscompany.net
Oct 9, 2024 16:29:14.606399059 CEST | 174 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                              content-length: 0
                                                                                                                                                                                                              date: Wed, 09 Oct 2024 14:29:14 GMT
                                                                                                                                                                                                              location: https://www.hugedomains.com/domain_profile.cfm?d=glasscompany.net
                                                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 50538 | 199.59.243.227 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:29:15.009206057 CEST | 84 | OUT | GET /index.php HTTP/1.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Host: pleasantcover.net
Oct 9, 2024 16:29:15.492477894 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              date: Wed, 09 Oct 2024 14:29:15 GMT
                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                              content-length: 1062
                                                                                                                                                                                                              x-request-id: 1d7914de-d4ea-41ff-846d-4a14c3dc0ce4
                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_xEp6L8+31RoRHrUkSlSqRyKFAGFxxdZZmxezQ1LEDS3SNX8/Eq4hmikUS494oRTcvsdLCiEs445+uASuG8K+aA==
                                                                                                                                                                                                              set-cookie: parking_session=1d7914de-d4ea-41ff-846d-4a14c3dc0ce4; expires=Wed, 09 Oct 2024 14:44:15 GMT; path=/
                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_xEp6L8+31RoRHrUkSlSqRyKFAGFxxdZZmxezQ1LEDS3SNX8/Eq4hmikUS494oRTcvsdLCiEs445+uASuG8K+aA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 9, 2024 16:29:15.492516994 CEST | 515 | IN
                                                                                                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMWQ3OTE0ZGUtZDRlYS00MWZmLTg0NmQtNGExNGMzZGMwY2U0IiwicGFnZV90aW1lIjoxNzI4NDg0MT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 50539 | 210.157.78.4 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:29:16.153285027 CEST | 83 | OUT | GET /index.php HTTP/1.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Host: ordercompany.net
Oct 9, 2024 16:29:16.946599007 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 14:29:16 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 2814
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                              Last-Modified: Thu, 22 Apr 2021 10:24:00 GMT
                                                                                                                                                                                                              ETag: "afe-5c08d13eb1b03"
                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html lang="ja"><head><meta charset="EUC-JP" /><title>404 File Not Found</title><meta name="copyright" content="Copyright XSERVER Inc."><meta name="robots" content="INDEX,FOLLOW" /><meta name="viewport" content="width=device-width,initial-scale=1.0,minimum-scale=1.0"><style type="text/css">* { margin: 0; padding: 0;}img { border: 0;}ul { padding-left: 2em;}html { overflow-y: scroll; background: #3b79b7;}body { font-family: "", Meiryo, " ", "MS PGothic", " Pro W3", "Hiragino Kaku Gothic Pro", sans-serif; margin: 0; line-height: 1.4; font-size: 75%; text-align: center; color: white;}h1 { font-size: 24px; font-weight: bold;}h1 { font-weight: bold; line-height: 1; padding-bottom: 20px; font-family: Helvetica, sans-serif;}h2 { text-align: center; font-weight: bold; font-size: 27px;}p { text-align: center; font-size: 14px;
Oct 9, 2024 16:29:16.946628094 CEST | 224 | IN
                                                                                                                                                                                                              Data Ascii: margin: 0; padding: 0; color: white;}.explain { border-top: 1px solid #fff; border-bottom: 1px solid #fff; line-height: 1.5; margin: 30px auto; padding: 17px;}#cause { text-align: left;
Oct 9, 2024 16:29:16.946638107 CEST | 1236 | IN
                                                                                                                                                                                                              Data Ascii: }#cause li { color: #666;}h3 { letter-spacing: 1px; font-weight: bold; padding: 0;}#white_box { margin: 15px auto 0; background-color: white;}/* ==================== ======================= *
Oct 9, 2024 16:29:16.946649075 CEST | 358 | IN
                                                                                                                                                                                                              Data Ascii: </p> <h3></h3> <div id="white_box"> <div id="cause"> <ul> <li></li> <li>UR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 50540 | 185.111.247.38 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:29:17.160094023 CEST | 84 | OUT | GET /index.php HTTP/1.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Host: leadercompany.net
                                                                                                                                                                                                              Oct 9, 2024 16:29:17.945862055 CEST213INHTTP/1.0 301 Moved Permanently
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                                                              x-redirect-by: WordPress
                                                                                                                                                                                                              location: https://leadercompany.net/
                                                                                                                                                                                                              content-length: 0
                                                                                                                                                                                                              date: Wed, 09 Oct 2024 14:29:16 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 50541 | 162.43.112.11 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:29:19.796945095 CEST | 81 | OUT | GET /index.php HTTP/1.0
Accept: */*
Connection: close
Host: heavycover.net
Oct 9, 2024 16:29:20.620116949 CEST | 1236 | IN | HTTP/1.1 403 Forbidden
Server: nginx
Date: Wed, 09 Oct 2024 14:29:20 GMT
Content-Type: text/html
Content-Length: 7825
Connection: close
Vary: Accept-Encoding
Last-Modified: Thu, 07 Mar 2019 09:08:00 GMT
ETag: "1e91-5837d7168cbbf"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 50542 | 103.169.142.0 | 80 | 600 | C:\bamqdjw\erewpegtq.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 16:29:20.774899006 CEST | 84 | OUT | GET /index.php HTTP/1.0
Accept: */*
Connection: close
Host: gentlecompany.net
Oct 9, 2024 16:29:21.270524979 CEST | 679 | IN | HTTP/1.1 301 Moved Permanently
Date: Wed, 09 Oct 2024 14:29:21 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Cache-Control: max-age=3600
Expires: Wed, 09 Oct 2024 15:29:21 GMT
Location: https://gentlecompany.net/index.php
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
Server: cloudflare
CF-RAY: 8cff0ff78bd40f63-EWR
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                              Start time:10:27:15
                                                                                                                                                                                                              Start date:09/10/2024
                                                                                                                                                                                                              Path:C:\Users\user\Desktop\25XrVZw56S.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\25XrVZw56S.exe"
                                                                                                                                                                                                              Imagebase:0xfb0000
                                                                                                                                                                                                              File size:442'368 bytes
                                                                                                                                                                                                              MD5 hash:D2965931E5463A26443A022B95EDF5D4
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:1
                                                                                                                                                                                                              Start time:10:27:16
                                                                                                                                                                                                              Start date:09/10/2024
                                                                                                                                                                                                              Path:C:\bamqdjw\mt2o4nrsazl5davsv.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\bamqdjw\mt2o4nrsazl5davsv.exe"
                                                                                                                                                                                                              Imagebase:0xcd0000
                                                                                                                                                                                                              File size:442'368 bytes
                                                                                                                                                                                                              MD5 hash:D2965931E5463A26443A022B95EDF5D4
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                              • Detection: 100%, Avira
                                                                                                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                              • Detection: 89%, ReversingLabs
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:2
                                                                                                                                                                                                              Start time:10:27:16
                                                                                                                                                                                                              Start date:09/10/2024
                                                                                                                                                                                                              Path:C:\bamqdjw\erewpegtq.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:C:\bamqdjw\erewpegtq.exe
                                                                                                                                                                                                              Imagebase:0xc90000
                                                                                                                                                                                                              File size:442'368 bytes
                                                                                                                                                                                                              MD5 hash:D2965931E5463A26443A022B95EDF5D4
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                              • Detection: 100%, Avira
                                                                                                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                              • Detection: 89%, ReversingLabs
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:3
                                                                                                                                                                                                              Start time:10:27:16
                                                                                                                                                                                                              Start date:09/10/2024
                                                                                                                                                                                                              Path:C:\bamqdjw\czmruiag.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:ulazkbbwltmi "c:\bamqdjw\erewpegtq.exe"
                                                                                                                                                                                                              Imagebase:0x180000
                                                                                                                                                                                                              File size:442'368 bytes
                                                                                                                                                                                                              MD5 hash:D2965931E5463A26443A022B95EDF5D4
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                              • Detection: 100%, Avira
                                                                                                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                              • Detection: 89%, ReversingLabs
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:4
                                                                                                                                                                                                              Start time:10:27:18
                                                                                                                                                                                                              Start date:09/10/2024
                                                                                                                                                                                                              Path:C:\bamqdjw\erewpegtq.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\bamqdjw\erewpegtq.exe"
                                                                                                                                                                                                              Imagebase:0xc90000
                                                                                                                                                                                                              File size:442'368 bytes
                                                                                                                                                                                                              MD5 hash:D2965931E5463A26443A022B95EDF5D4
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:7
                                                                                                                                                                                                              Start time:10:27:38
                                                                                                                                                                                                              Start date:09/10/2024
                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:8
                                                                                                                                                                                                              Start time:10:28:35
                                                                                                                                                                                                              Start date:09/10/2024
                                                                                                                                                                                                              Path:C:\bamqdjw\erewpegtq.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"c:\bamqdjw\erewpegtq.exe"
                                                                                                                                                                                                              Imagebase:0xc90000
                                                                                                                                                                                                              File size:442'368 bytes
                                                                                                                                                                                                              MD5 hash:D2965931E5463A26443A022B95EDF5D4
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                              Target ID:9
                                                                                                                                                                                                              Start time:10:28:35
                                                                                                                                                                                                              Start date:09/10/2024
                                                                                                                                                                                                              Path:C:\bamqdjw\czmruiag.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:ulazkbbwltmi "c:\bamqdjw\erewpegtq.exe"
                                                                                                                                                                                                              Imagebase:0x190000
                                                                                                                                                                                                              File size:442'368 bytes
                                                                                                                                                                                                              MD5 hash:D2965931E5463A26443A022B95EDF5D4
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                Execution Coverage:7.2%
                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                Signature Coverage:61.7%
                                                                                                                                                                                                                Total number of Nodes:1168
                                                                                                                                                                                                                Total number of Limit Nodes:66
fcf0e1 32566->32567 32568 fc5bb0 58 API calls 32567->32568 32569 fcf0f8 GetProcAddress 32568->32569 32571 fd8900 58 API calls 32569->32571 32572 fcf1ab 32571->32572 32573 fc5bb0 58 API calls 32572->32573 32574 fcf1c2 GetProcAddress 32573->32574 32576 fd8900 58 API calls 32574->32576 32577 fcf2f9 32576->32577 32578 fc5bb0 58 API calls 32577->32578 32579 fcf310 GetProcAddress 32578->32579 32580 fd8900 58 API calls 32579->32580 32581 fcf337 32580->32581 32582 fc5bb0 58 API calls 32581->32582 32583 fcf34e GetProcAddress 32582->32583 32584 fd8900 58 API calls 32583->32584 32585 fcf375 32584->32585 32586 fc5bb0 58 API calls 32585->32586 32587 fcf38c GetProcAddress 32586->32587 32588 fd8900 58 API calls 32587->32588 32589 fcf3b3 32588->32589 32590 fc5bb0 58 API calls 32589->32590 32591 fcf3ca GetProcAddress 32590->32591 32592 fd8900 58 API calls 32591->32592 32593 fcf3f1 32592->32593 32594 fc5bb0 58 API calls 32593->32594 32595 fcf408 GetProcAddress 32594->32595 32596 fd8900 58 API calls 32595->32596 32597 fcf456 32596->32597 32598 fc5bb0 58 API calls 32597->32598 32599 fcf46d GetProcAddress 32598->32599 32600 fd8900 58 API calls 32599->32600 32601 fcf495 32600->32601 32602 fc5bb0 58 API calls 32601->32602 32603 fcf4ac GetProcAddress 32602->32603 32604 fd8900 58 API calls 32603->32604 32605 fcf522 32604->32605 32606 fc5bb0 58 API calls 32605->32606 32607 fcf56a GetProcAddress 32606->32607 32608 fd8900 58 API calls 32607->32608 32609 fcf5b7 32608->32609 32610 fc5bb0 58 API calls 32609->32610 32611 fcf65f GetProcAddress 32610->32611 32612 fd8900 58 API calls 32611->32612 32613 fcf687 32612->32613 32614 fc5bb0 58 API calls 32613->32614 32615 fcf69e GetProcAddress 32614->32615 32616 fd8900 58 API calls 32615->32616 32617 fcf6c6 32616->32617 32618 fc5bb0 58 API calls 32617->32618 32619 fcf6dd GetProcAddress 32618->32619 32621 fd8900 58 API calls 32619->32621 32622 fcf7a8 32621->32622 32623 fc5bb0 58 API calls 32622->32623 32624 fcf7bf GetProcAddress 32623->32624 32625 fd8900 
58 API calls 32624->32625 32626 fcf82c 32625->32626 32627 fc5bb0 58 API calls 32626->32627 32628 fcf843 GetProcAddress 32627->32628 32629 fcf8da 32628->32629 32630 fd8900 58 API calls 32629->32630 32631 fcf8fe 32630->32631 32632 fc5bb0 58 API calls 32631->32632 32633 fcf96b GetProcAddress 32632->32633 32635 fd8900 58 API calls 32633->32635 32636 fcfa14 32635->32636 32637 fc5bb0 58 API calls 32636->32637 32638 fcfa2b GetProcAddress 32637->32638 32639 fd8900 58 API calls 32638->32639 32640 fcfa53 32639->32640 32641 fc5bb0 58 API calls 32640->32641 32642 fcfa6a GetProcAddress 32641->32642 32643 fd8900 58 API calls 32642->32643 32644 fcfab1 32643->32644 32645 fc5bb0 58 API calls 32644->32645 32646 fcfac8 GetProcAddress 32645->32646 32647 fd8900 58 API calls 32646->32647 32648 fcfaef 32647->32648 32649 fc5bb0 58 API calls 32648->32649 32650 fcfb06 GetProcAddress 32649->32650 32651 fd8900 58 API calls 32650->32651 32652 fcfbc0 32651->32652 32653 fc5bb0 58 API calls 32652->32653 32654 fcfbd7 GetProcAddress 32653->32654 32655 fd8900 58 API calls 32654->32655 32656 fcfbff 32655->32656 32657 fc5bb0 58 API calls 32656->32657 32658 fcfc16 GetProcAddress 32657->32658 32659 fd8900 58 API calls 32658->32659 32660 fcfc3e 32659->32660 32661 fc5bb0 58 API calls 32660->32661 32662 fcfc6d GetProcAddress 32661->32662 32663 fd8900 58 API calls 32662->32663 32664 fcfcbe 32663->32664 32665 fc5bb0 58 API calls 32664->32665 32666 fcfcd5 GetProcAddress 32665->32666 32667 fd8900 58 API calls 32666->32667 32668 fcfcfc 32667->32668 32669 fc5bb0 58 API calls 32668->32669 32670 fcfd43 GetProcAddress 32669->32670 32671 fd8900 58 API calls 32670->32671 32672 fcfd6a 32671->32672 32673 fc5bb0 58 API calls 32672->32673 32674 fcfd81 GetProcAddress 32673->32674 32675 fd8900 58 API calls 32674->32675 32676 fcfda8 32675->32676 32677 fc5bb0 58 API calls 32676->32677 32678 fcfdbf GetProcAddress 32677->32678 32679 fd8900 58 API calls 32678->32679 32680 fcfe12 32679->32680 32681 fc5bb0 58 API calls 
32680->32681 32682 fcfe39 GetProcAddress 32681->32682 32683 fd8900 58 API calls 32682->32683 32684 fcfe61 32683->32684 32685 fc5bb0 58 API calls 32684->32685 32686 fcfe78 GetProcAddress 32685->32686 32687 fd8900 58 API calls 32686->32687 32688 fcfea0 32687->32688 32689 fc5bb0 58 API calls 32688->32689 32690 fcfeb7 GetProcAddress 32689->32690 32691 fd8900 58 API calls 32690->32691 32692 fcff1d 32691->32692 32693 fc5bb0 58 API calls 32692->32693 32694 fcff34 GetProcAddress 32693->32694 32695 fd8900 58 API calls 32694->32695 32696 fcff87 32695->32696 32697 fc5bb0 58 API calls 32696->32697 32698 fcff9e GetProcAddress 32697->32698 32699 fd8900 58 API calls 32698->32699 32700 fcffec 32699->32700 32701 fc5bb0 58 API calls 32700->32701 32702 fd0003 GetProcAddress 32701->32702 32703 fd8900 58 API calls 32702->32703 32704 fd002a 32703->32704 32705 fc5bb0 58 API calls 32704->32705 32706 fd0041 GetProcAddress 32705->32706 32707 fd8900 58 API calls 32706->32707 32708 fd0068 32707->32708 32709 fc5bb0 58 API calls 32708->32709 32710 fd00a9 GetProcAddress 32709->32710 32711 fd8900 58 API calls 32710->32711 32712 fd00d0 32711->32712 32713 fc5bb0 58 API calls 32712->32713 32714 fd00e7 GetProcAddress 32713->32714 32715 fd8900 58 API calls 32714->32715 32716 fd010e 32715->32716 32717 fc5bb0 58 API calls 32716->32717 32718 fd0125 GetProcAddress 32717->32718 32720 fd8900 58 API calls 32718->32720 32721 fd0262 32720->32721 32722 fc5bb0 58 API calls 32721->32722 32723 fd0279 GetProcAddress 32722->32723 32724 fd8900 58 API calls 32723->32724 32725 fd02ad 32724->32725 32726 fc5bb0 58 API calls 32725->32726 32727 fd02c4 GetProcAddress 32726->32727 32728 fd8900 58 API calls 32727->32728 32729 fd02ec 32728->32729 32730 fc5bb0 58 API calls 32729->32730 32731 fd0303 GetProcAddress 32730->32731 32732 fd8900 58 API calls 32731->32732 32733 fd032b 32732->32733 32734 fc5bb0 58 API calls 32733->32734 32735 fd0342 GetProcAddress 32734->32735 32736 fd8900 58 API calls 32735->32736 32737 fd036a 
32736->32737 32738 fc5bb0 58 API calls 32737->32738 32739 fd0381 GetProcAddress 32738->32739 32740 fd8900 58 API calls 32739->32740 32741 fd03d3 32740->32741 32742 fc5bb0 58 API calls 32741->32742 32743 fd040c GetProcAddress 32742->32743 32744 fd044d 32743->32744 32745 fd8900 58 API calls 32744->32745 32746 fd04b8 32745->32746 32747 fc5bb0 58 API calls 32746->32747 32748 fd04cf GetProcAddress 32747->32748 32749 fd8900 58 API calls 32748->32749 32750 fd04f7 32749->32750 32751 fc5bb0 58 API calls 32750->32751 32752 fd050e GetProcAddress 32751->32752 32753 fd0581 32752->32753 32754 fd8900 58 API calls 32753->32754 32755 fd05bd 32754->32755 32756 fc5bb0 58 API calls 32755->32756 32757 fd0619 GetProcAddress 32756->32757 32758 fd8900 58 API calls 32757->32758 32759 fd0671 32758->32759 32760 fc5bb0 58 API calls 32759->32760 32761 fd0688 GetProcAddress 32760->32761 32762 fd8900 58 API calls 32761->32762 32763 fd06b0 32762->32763 32764 fc5bb0 58 API calls 32763->32764 32765 fd077f GetProcAddress 32764->32765 32766 fd8900 58 API calls 32765->32766 32767 fd07a7 32766->32767 32768 fc5bb0 58 API calls 32767->32768 32769 fd07be GetProcAddress 32768->32769 32770 fd8900 58 API calls 32769->32770 32771 fd07f0 32770->32771 32772 fc5bb0 58 API calls 32771->32772 32773 fd0827 GetProcAddress 32772->32773 32774 fd8900 58 API calls 32773->32774 32775 fd084f 32774->32775 32776 fc5bb0 58 API calls 32775->32776 32777 fd0866 GetProcAddress 32776->32777 32778 fd8900 58 API calls 32777->32778 32779 fd088e 32778->32779 32780 fc5bb0 58 API calls 32779->32780 32781 fd08d5 GetProcAddress 32780->32781 32782 fd8900 58 API calls 32781->32782 32783 fd08fd 32782->32783 32784 fc5bb0 58 API calls 32783->32784 32785 fd0914 GetProcAddress 32784->32785 32786 fd8900 58 API calls 32785->32786 32787 fd093c 32786->32787 32788 fc5bb0 58 API calls 32787->32788 32789 fd0953 GetProcAddress 32788->32789 32790 fd8900 58 API calls 32789->32790 32791 fd09ab 32790->32791 32792 fc5bb0 58 API calls 32791->32792 32793 
fd09c2 GetProcAddress 32792->32793 32794 fd0a10 32793->32794 32795 fd8900 58 API calls 32794->32795 32796 fd0ac1 32795->32796 32797 fc5bb0 58 API calls 32796->32797 32798 fd0ad8 GetProcAddress 32797->32798 32799 fd0b4a 32798->32799 32800 fd8900 58 API calls 32799->32800 32801 fd0b83 32800->32801 32802 fc5bb0 58 API calls 32801->32802 32803 fd0b9a GetProcAddress 32802->32803 32804 fd8900 58 API calls 32803->32804 32805 fd0beb 32804->32805 32806 fc5bb0 58 API calls 32805->32806 32807 fd0c41 GetProcAddress 32806->32807 32808 fd8900 58 API calls 32807->32808 32809 fd0cb1 32808->32809 32810 fc5bb0 58 API calls 32809->32810 32811 fd0cc8 GetProcAddress 32810->32811 32812 fd8900 58 API calls 32811->32812 32813 fd0d03 32812->32813 32814 fc5bb0 58 API calls 32813->32814 32815 fd0d1a GetProcAddress 32814->32815 32816 fd8900 58 API calls 32815->32816 32817 fd0d42 32816->32817 32818 fc5bb0 58 API calls 32817->32818 32819 fd0d59 GetProcAddress 32818->32819 32820 fd8900 58 API calls 32819->32820 32821 fd0dbd 32820->32821 32822 fc5bb0 58 API calls 32821->32822 32823 fd0dd4 GetProcAddress 32822->32823 32824 fd0e55 32823->32824 32825 fd8900 58 API calls 32824->32825 32826 fd0e6d 32825->32826 32827 fc5bb0 58 API calls 32826->32827 32828 fd0e84 GetProcAddress 32827->32828 32829 fd8900 58 API calls 32828->32829 32830 fd0ebd 32829->32830 32831 fc5bb0 58 API calls 32830->32831 32832 fd0eec LoadLibraryA 32831->32832 32833 fc5bb0 58 API calls 32832->32833 32834 fd0f0f 32833->32834 32835 fd0fcb 32834->32835 32836 fd0f76 32834->32836 32837 fd8900 58 API calls 32835->32837 32838 fd8900 58 API calls 32836->32838 32840 fd0fd7 GetProcAddress 32837->32840 32839 fd0f82 LoadLibraryA 32838->32839 32841 fc5bb0 58 API calls 32839->32841 32842 fd8900 58 API calls 32840->32842 32843 fd0fab 32841->32843 32844 fd1005 32842->32844 32843->32835 32845 fc5bb0 58 API calls 32844->32845 32846 fd101c GetProcAddress 32845->32846 32847 fd8900 58 API calls 32846->32847 32848 fd1058 32847->32848 32849 fc5bb0 58 API 
calls 32848->32849 32850 fd108d GetProcAddress 32849->32850 32851 fd8900 58 API calls 32850->32851 32852 fd10f9 32851->32852 32853 fc5bb0 58 API calls 32852->32853 32854 fd1120 GetProcAddress 32853->32854 32855 fd8900 58 API calls 32854->32855 32856 fd1148 32855->32856 32857 fc5bb0 58 API calls 32856->32857 32858 fd115f GetProcAddress 32857->32858 32859 fd8900 58 API calls 32858->32859 32860 fd11a1 32859->32860 32861 fc5bb0 58 API calls 32860->32861 32862 fd11b8 GetProcAddress 32861->32862 32863 fd8900 58 API calls 32862->32863 32864 fd11e0 32863->32864 32865 fc5bb0 58 API calls 32864->32865 32866 fd11f7 GetProcAddress 32865->32866 32867 fd8900 58 API calls 32866->32867 32868 fd1246 32867->32868 32869 fc5bb0 58 API calls 32868->32869 32870 fd12a8 GetProcAddress 32869->32870 32871 fd8900 58 API calls 32870->32871 32872 fd12d0 32871->32872 32873 fc5bb0 58 API calls 32872->32873 32874 fd12e7 GetProcAddress 32873->32874 32875 fd8900 58 API calls 32874->32875 32876 fd130f 32875->32876 32877 fc5bb0 58 API calls 32876->32877 32878 fd1326 GetProcAddress 32877->32878 32880 fd8900 58 API calls 32878->32880 32881 fd1516 32880->32881 32882 fc5bb0 58 API calls 32881->32882 32883 fd152d GetProcAddress 32882->32883 32885 fd8900 58 API calls 32883->32885 32886 fd15f7 32885->32886 32887 fc5bb0 58 API calls 32886->32887 32888 fd1623 GetProcAddress 32887->32888 32889 fd8900 58 API calls 32888->32889 32890 fd164b 32889->32890 32891 fc5bb0 58 API calls 32890->32891 32892 fd1662 GetProcAddress 32891->32892 32893 fd8900 58 API calls 32892->32893 32894 fd168a 32893->32894 32895 fc5bb0 58 API calls 32894->32895 32896 fd16a1 GetProcAddress 32895->32896 32897 fd8900 58 API calls 32896->32897 32898 fd16c9 32897->32898 32899 fc5bb0 58 API calls 32898->32899 32900 fd1720 GetProcAddress 32899->32900 32901 fd8900 58 API calls 32900->32901 32902 fd1747 32901->32902 32903 fc5bb0 58 API calls 32902->32903 32904 fd175e GetProcAddress 32903->32904 32905 fd8900 58 API calls 32904->32905 32906 fd17bd 
32905->32906 32907 fc5bb0 58 API calls 32906->32907 32908 fd17d4 GetProcAddress 32907->32908 32909 fd8900 58 API calls 32908->32909 32910 fd17fc 32909->32910 32911 fc5bb0 58 API calls 32910->32911 32912 fd18af LoadLibraryA 32911->32912 32913 fd8900 58 API calls 32912->32913 32914 fd18d0 32913->32914 32915 fc5bb0 58 API calls 32914->32915 32916 fd18e7 GetProcAddress 32915->32916 32917 fd8900 58 API calls 32916->32917 32918 fd193d 32917->32918 32919 fc5bb0 58 API calls 32918->32919 32920 fd1954 GetProcAddress 32919->32920 32922 fd8900 58 API calls 32920->32922 32923 fd19a7 32922->32923 32924 fc5bb0 58 API calls 32923->32924 32925 fd19be GetProcAddress 32924->32925 32926 fd8900 58 API calls 32925->32926 32927 fd19fe 32926->32927 32928 fc5bb0 58 API calls 32927->32928 32929 fd1a15 GetProcAddress 32928->32929 32930 fd8900 58 API calls 32929->32930 32931 fd1a3d 32930->32931 32932 fc5bb0 58 API calls 32931->32932 32933 fd1a78 GetProcAddress 32932->32933 32934 fd8900 58 API calls 32933->32934 32935 fd1ab0 32934->32935 32936 fc5bb0 58 API calls 32935->32936 32937 fd1ac7 GetProcAddress 32936->32937 32938 fd8900 58 API calls 32937->32938 32939 fd1aef 32938->32939 32940 fc5bb0 58 API calls 32939->32940 32941 fd1b06 GetProcAddress 32940->32941 32942 fd8900 58 API calls 32941->32942 32943 fd1b52 32942->32943 32944 fc5bb0 58 API calls 32943->32944 32945 fd1b99 GetProcAddress 32944->32945 32946 fd1bd5 32945->32946 32947 fd8900 58 API calls 32946->32947 32948 fd1bf1 32947->32948 32949 fc5bb0 58 API calls 32948->32949 32950 fd1c08 GetProcAddress 32949->32950 32951 fd1c4a 32950->32951 32952 fd8900 58 API calls 32951->32952 32953 fd1ca2 32952->32953 32954 fc5bb0 58 API calls 32953->32954 32955 fd1cb9 GetProcAddress 32954->32955 32956 fd8900 58 API calls 32955->32956 32957 fd1d4d 32956->32957 32958 fc5bb0 58 API calls 32957->32958 32959 fd1d64 GetProcAddress 32958->32959 32960 fd8900 58 API calls 32959->32960 32961 fd1d8c 32960->32961 32962 fc5bb0 58 API calls 32961->32962 32963 fd1da3 
GetProcAddress 32962->32963 32964 fd8900 58 API calls 32963->32964 32965 fd1dcb 32964->32965 32966 fc5bb0 58 API calls 32965->32966 32967 fd1de2 GetProcAddress 32966->32967 32968 fd8900 58 API calls 32967->32968 32969 fd1e0a 32968->32969 32970 fc5bb0 58 API calls 32969->32970 32971 fd1e21 GetProcAddress 32970->32971 32972 fd8900 58 API calls 32971->32972 32973 fd1e49 32972->32973 32974 fc5bb0 58 API calls 32973->32974 32975 fd1e78 GetProcAddress 32974->32975 32976 fd8900 58 API calls 32975->32976 32977 fd1ea0 32976->32977 32978 fc5bb0 58 API calls 32977->32978 32979 fd1eb7 GetProcAddress 32978->32979 32980 fd8900 58 API calls 32979->32980 32981 fd1f68 32980->32981 32982 fc5bb0 58 API calls 32981->32982 32983 fd1f7f GetProcAddress 32982->32983 32984 fd8900 58 API calls 32983->32984 32985 fd1fbe 32984->32985 32986 fc5bb0 58 API calls 32985->32986 32987 fd200d GetProcAddress 32986->32987 32988 fd8900 58 API calls 32987->32988 32989 fd2034 32988->32989 32990 fc5bb0 58 API calls 32989->32990 32991 fd204b GetProcAddress 32990->32991 32992 fd8900 58 API calls 32991->32992 32993 fd20e0 32992->32993 32994 fc5bb0 58 API calls 32993->32994 32995 fd2107 GetProcAddress 32994->32995 32996 fd8900 58 API calls 32995->32996 32997 fd2139 32996->32997 32998 fc5bb0 58 API calls 32997->32998 32999 fd2164 GetProcAddress 32998->32999 33000 fd8900 58 API calls 32999->33000 33001 fd218c 33000->33001 33002 fc5bb0 58 API calls 33001->33002 33003 fd21a3 GetProcAddress 33002->33003 33004 fd8900 58 API calls 33003->33004 33005 fd21cb 33004->33005 33006 fc5bb0 58 API calls 33005->33006 33007 fd21e2 GetProcAddress 33006->33007 33008 fd8900 58 API calls 33007->33008 33009 fd220a 33008->33009 33010 fc5bb0 58 API calls 33009->33010 33011 fd2221 GetProcAddress 33010->33011 33012 fd8900 58 API calls 33011->33012 33013 fd2249 33012->33013 33014 fc5bb0 58 API calls 33013->33014 33015 fd2288 GetProcAddress 33014->33015 33016 fc5bb0 58 API calls 33015->33016 33017 fd22b2 33016->33017 33188 fb7de0 
GetSystemTime 33017->33188 33020 fd8900 58 API calls 33021 fd2324 GetEnvironmentVariableA 33020->33021 33022 fc5bb0 58 API calls 33021->33022 33023 fd2388 CreateMutexA CreateMutexA CreateMutexA 33022->33023 33194 fd94dd 33023->33194 33027 fd2609 33202 fcacd0 33027->33202 33029 fd23ec 33029->33027 33030 fd253a GetTickCount 33029->33030 33032 fd254f __itow 33030->33032 33031 fd263f GetCommandLineA 33033 fd2669 33031->33033 33034 fd8900 58 API calls 33032->33034 33033->33033 33035 fd8900 58 API calls 33033->33035 33037 fd255e 33034->33037 33036 fd26a6 33035->33036 33038 fc5bb0 58 API calls 33036->33038 33037->33037 33039 fc5bb0 58 API calls 33037->33039 33040 fd271f 33038->33040 33039->33027 33041 fd276c 33040->33041 33042 fd3039 GetCommandLineA 33040->33042 33043 fd8900 58 API calls 33041->33043 33045 fd307d 33042->33045 33044 fd2778 33043->33044 33046 fc5bb0 58 API calls 33044->33046 33048 fd30f0 GetModuleFileNameA 33045->33048 33047 fd27a8 33046->33047 33049 fd2802 33047->33049 33051 fda5b0 58 API calls 33047->33051 33297 1005f2b 33048->33297 33052 fd8900 58 API calls 33049->33052 33051->33049 33053 fd285c 33052->33053 33055 fc5bb0 58 API calls 33053->33055 33054 fd3150 33054->33054 33056 1005f2b 63 API calls 33054->33056 33057 fd28c0 33055->33057 33059 fd31e5 33056->33059 33058 fd28d0 33057->33058 33060 fda5b0 58 API calls 33057->33060 33062 fd8900 58 API calls 33058->33062 33061 1005f2b 63 API calls 33059->33061 33060->33058 33067 fd31f4 33061->33067 33069 fd2918 33062->33069 33063 fd3566 33337 fc1a50 59 API calls _memset 33063->33337 33065 fd35d3 33066 fd36cb 33065->33066 33070 fda5b0 58 API calls 33065->33070 33338 fc8370 100 API calls 4 library calls 33066->33338 33067->33063 33306 fca370 33067->33306 33069->33069 33072 fd297f 33069->33072 33070->33066 33071 fd36d0 33074 fd8e80 GetSystemTimeAsFileTime 33071->33074 33073 fc5bb0 58 API calls 33072->33073 33155 fd29aa 33073->33155 33087 fd3758 33074->33087 33075 fc9ee0 67 API calls 33075->33155 33077 fd326e 33311 
fc0e80 33077->33311 33080 fd2a43 Sleep 33327 fda7e0 116 API calls 3 library calls 33080->33327 33081 fd3350 33083 fd34cd 33081->33083 33084 fd8900 58 API calls 33081->33084 33085 fda5b0 58 API calls 33083->33085 33088 fd3369 LoadLibraryA 33084->33088 33089 fd34d4 33085->33089 33086 fd2fec Sleep 33086->33155 33087->33087 33092 fd38b1 WSAStartup 33087->33092 33090 fd8900 58 API calls 33088->33090 33089->33063 33091 fd3391 33090->33091 33093 fc5bb0 58 API calls 33091->33093 33094 fd3937 33092->33094 33103 fd39f6 33092->33103 33095 fd33a8 GetProcAddress 33093->33095 33097 fd8900 58 API calls 33094->33097 33098 fc5bb0 58 API calls 33095->33098 33096 fda7e0 116 API calls __stat32i64 33096->33155 33099 fd3943 33097->33099 33100 fd33d3 33098->33100 33339 fcd530 59 API calls 33099->33339 33106 fd8900 58 API calls 33100->33106 33101 fd2c7e GetModuleFileNameA SetFileAttributesA 33108 fd2cd3 CopyFileA 33101->33108 33101->33155 33102 fd3a28 33117 fd3a9a CloseHandle SetFileAttributesA CopyFileA 33102->33117 33134 fd3b7d 33102->33134 33103->33102 33340 fc4900 65 API calls 2 library calls 33103->33340 33107 fd33e5 MessageBoxA 33106->33107 33120 fc5bb0 58 API calls 33107->33120 33108->33155 33110 fd2c3c Sleep 33110->33155 33111 fd3958 33116 fc5bb0 58 API calls 33111->33116 33112 fd3a18 33115 fd3a23 33112->33115 33121 fda5b0 58 API calls 33112->33121 33341 fcc1f0 Sleep GetSystemTimeAsFileTime 33115->33341 33116->33103 33118 fd3b75 33117->33118 33119 fd3ad7 SetFileAttributesA 33117->33119 33350 fb1da0 33118->33350 33124 fd3aef 33119->33124 33125 fd3afb 33119->33125 33127 fd34a4 33120->33127 33121->33115 33123 fd3bd9 SetFileAttributesA CopyFileA SetFileAttributesA 33132 fd3c56 33123->33132 33342 fc8de0 9 API calls 33124->33342 33135 fd3b1f Sleep 33125->33135 33343 fc0510 61 API calls 33125->33343 33126 fda5b0 58 API calls 33126->33086 33323 fda5b0 33127->33323 33142 fd8900 58 API calls 33132->33142 33134->33123 33139 fd3bbb 33134->33139 33344 fc9ee0 67 API calls _memset 33134->33344 
33345 fc6e60 70 API calls _memset 33134->33345 33141 fc7e90 3 API calls 33135->33141 33138 fda5b0 58 API calls 33143 fd3fa7 33138->33143 33139->33123 33140 fd3b1c 33140->33135 33141->33118 33149 fd3c65 33142->33149 33143->32252 33145 fd3bc9 Sleep 33145->33134 33146 fd8900 58 API calls 33146->33155 33147 fd2f25 SetFileAttributesA 33147->33155 33148 fd2f33 SetFileAttributesA 33148->33155 33149->33149 33150 fd8900 58 API calls 33149->33150 33151 fd3d16 33150->33151 33153 fc5bb0 58 API calls 33151->33153 33152 fc5bb0 58 API calls 33152->33155 33154 fd3d2d 33153->33154 33346 fdae47 76 API calls __fsopen 33154->33346 33155->33075 33155->33080 33155->33086 33155->33096 33155->33101 33155->33108 33155->33126 33155->33146 33155->33147 33155->33148 33155->33152 33328 fd8e80 33155->33328 33331 fc6e60 70 API calls _memset 33155->33331 33332 fc7e90 33155->33332 33157 fd3d88 33158 fc5bb0 58 API calls 33157->33158 33159 fd3d9f 33158->33159 33347 fb2240 104 API calls __fcloseall 33159->33347 33161 fd3dc5 33162 fd8900 58 API calls 33161->33162 33163 fd3de6 33162->33163 33164 fd8900 58 API calls 33163->33164 33165 fd3dfb 33164->33165 33348 fdb368 83 API calls 3 library calls 33165->33348 33167 fd3e28 33168 fc5bb0 58 API calls 33167->33168 33169 fd3ec0 33168->33169 33170 fc5bb0 58 API calls 33169->33170 33171 fd3ed1 33170->33171 33172 fc7e90 3 API calls 33171->33172 33173 fd3ee3 _memset 33172->33173 33174 fd3f0f CreateThread 33173->33174 33175 fd3f5e Sleep 33174->33175 33176 fd3f59 33174->33176 33175->33175 33349 fcd5e0 StartServiceCtrlDispatcherA 33176->33349 33178->32528 33179->32533 33181 fd8914 33180->33181 33182 fda6fd _malloc 58 API calls 33181->33182 33183 fd8980 ___check_float_string 33182->33183 33183->32541 33185 fc5c06 _memset 33184->33185 33186 fda688 _free 58 API calls 33185->33186 33187 fc5c48 GetProcAddress 33186->33187 33187->32562 33189 fb7e72 33188->33189 33190 fd8e80 GetSystemTimeAsFileTime 33189->33190 33191 fb7e9b GetTickCount 33190->33191 33354 fda678 
33191->33354 33195 fd94e5 33194->33195 33196 fda6fd _malloc 58 API calls 33195->33196 33197 fd23cf 33195->33197 33199 fd9503 std::exception::exception 33195->33199 33357 fdfc1f DecodePointer 33195->33357 33196->33195 33197->33029 33326 fc7540 59 API calls 33197->33326 33358 fdf37c RaiseException 33199->33358 33201 fd952d 33359 fbd580 33202->33359 33204 fcacf5 GetVersionExA 33361 fba200 33204->33361 33209 fcaec2 33211 fd8900 58 API calls 33209->33211 33212 fcaee3 33211->33212 33381 fcde40 33212->33381 33215 fcad75 33215->33215 33217 fcadf8 CreateDirectoryA 33215->33217 33216 fc5bb0 58 API calls 33221 fcaf0c 33216->33221 33218 fd8900 58 API calls 33217->33218 33219 fcae30 33218->33219 33219->33219 33220 fc5bb0 58 API calls 33219->33220 33220->33209 33385 fc4360 33221->33385 33224 fcb0de 33225 fbe620 59 API calls 33224->33225 33229 fcb127 33225->33229 33226 fcb072 DeleteFileA 33227 fcb0a0 33226->33227 33228 fcb0d1 RemoveDirectoryA 33226->33228 33227->33228 33228->33224 33229->33229 33230 fcb1da CreateDirectoryA 33229->33230 33231 fcb21f 33230->33231 33232 fcb266 CreateDirectoryA 33231->33232 33233 fd8900 58 API calls 33232->33233 33234 fcb287 33233->33234 33234->33234 33235 fd8900 58 API calls 33234->33235 33236 fcb317 33235->33236 33237 fc5bb0 58 API calls 33236->33237 33238 fcb34d 33237->33238 33239 fcde40 59 API calls 33238->33239 33240 fcb469 33239->33240 33241 fc5bb0 58 API calls 33240->33241 33242 fcb477 33241->33242 33243 fc4360 5 API calls 33242->33243 33244 fcb4d5 33243->33244 33245 fcbbba 33244->33245 33246 fcb4e9 33244->33246 33247 fcb531 33244->33247 33250 fcbbc6 SetFileAttributesA 33245->33250 33248 fd8900 58 API calls 33246->33248 33249 fd8900 58 API calls 33247->33249 33251 fcb4f5 33248->33251 33252 fcb53d 33249->33252 33258 fcbc35 _memset codecvt 33250->33258 33400 fdb368 83 API calls 3 library calls 33251->33400 33401 fdb368 83 API calls 3 library calls 33252->33401 33255 fcb51b 33259 fc5bb0 58 API calls 33255->33259 33256 fcb563 33257 fc5bb0 58 API 
calls 33256->33257 33260 fcb52c CreateDirectoryA 33257->33260 33258->33031 33259->33260 33262 fcb643 33260->33262 33262->33262 33263 fcb683 CreateDirectoryA 33262->33263 33264 fd8900 58 API calls 33263->33264 33265 fcb6c8 33264->33265 33265->33265 33266 fd8900 58 API calls 33265->33266 33267 fcb758 33266->33267 33268 fc5bb0 58 API calls 33267->33268 33269 fcb76f 33268->33269 33270 fcde40 59 API calls 33269->33270 33271 fcb784 33270->33271 33272 fc5bb0 58 API calls 33271->33272 33273 fcb792 33272->33273 33274 fc4360 5 API calls 33273->33274 33275 fcb7be 33274->33275 33275->33245 33276 fcb7c9 GetTempPathA 33275->33276 33277 fcb7f0 33276->33277 33278 fcb8ec CreateDirectoryA 33277->33278 33279 fd8900 58 API calls 33278->33279 33280 fcb90d 33279->33280 33280->33280 33281 fd8900 58 API calls 33280->33281 33282 fcb9b1 33281->33282 33283 fc5bb0 58 API calls 33282->33283 33284 fcb9c8 33283->33284 33285 fcde40 59 API calls 33284->33285 33286 fcb9dd 33285->33286 33287 fc5bb0 58 API calls 33286->33287 33288 fcb9eb 33287->33288 33289 fc4360 5 API calls 33288->33289 33290 fcba17 33289->33290 33291 fcbb1f 33290->33291 33292 fcba22 GetTempPathA 33290->33292 33291->33245 33293 fcba50 33292->33293 33293->33293 33294 fd8900 58 API calls 33293->33294 33295 fcba8d 33294->33295 33295->33295 33296 fc5bb0 58 API calls 33295->33296 33296->33291 33298 1005f72 33297->33298 33299 1005f37 33297->33299 33423 1005fb3 63 API calls 2 library calls 33298->33423 33304 1005f52 33299->33304 33421 fe0f5a 58 API calls __getptd_noexit 33299->33421 33302 1005f43 33422 fe0452 9 API calls __invalid_parameter_noinfo_noreturn 33302->33422 33304->33054 33305 1005f4e 33305->33054 33424 fb8e40 33306->33424 33308 fca3cf 33309 fc7e90 3 API calls 33308->33309 33310 fca3e0 _memset 33309->33310 33310->33077 33312 fc0ea8 33311->33312 33313 fc0ea3 _memset 33311->33313 33314 fc0ff0 Sleep 33312->33314 33313->33081 33315 fc1056 33314->33315 33316 fd8900 58 API calls 33315->33316 33317 fc10b9 33316->33317 33317->33317 
33318 fc5bb0 58 API calls 33317->33318 33319 fc1192 FindFirstFileA 33318->33319 33319->33313 33320 fc11e1 DeleteFileA FindNextFileA 33319->33320 33322 fc12bc FindClose 33320->33322 33322->33313 33449 fda481 33323->33449 33325 fd34ae 33325->33083 33326->33029 33327->33155 33476 fda78f GetSystemTimeAsFileTime 33328->33476 33330 fd8e8c 33330->33155 33331->33110 33478 fdecc0 33332->33478 33334 fc7f01 CreateProcessA 33335 fc7f5a CloseHandle CloseHandle 33334->33335 33336 fc7fa5 33334->33336 33335->33336 33336->33155 33337->33065 33338->33071 33339->33111 33340->33112 33341->33102 33342->33125 33343->33140 33344->33134 33345->33145 33346->33157 33347->33161 33348->33167 33349->33175 33351 fb1e2f 33350->33351 33352 fb1e67 WaitForSingleObject 33350->33352 33351->33352 33353 fb1ed1 33352->33353 33353->33138 33355 fe28c0 _TestDefaultLanguage 58 API calls 33354->33355 33356 fb7f31 33355->33356 33356->33020 33357->33195 33358->33201 33360 fbd58f 33359->33360 33360->33204 33362 fba2c2 AllocateAndInitializeSid 33361->33362 33363 fba28c 33361->33363 33364 fba435 33362->33364 33365 fba324 CheckTokenMembership 33362->33365 33363->33362 33368 fb6ca0 33364->33368 33366 fba402 FreeSid 33365->33366 33367 fba357 33365->33367 33366->33364 33367->33366 33369 fd8900 58 API calls 33368->33369 33370 fb6cd8 GetProcAddress 33369->33370 33371 fc5bb0 58 API calls 33370->33371 33372 fb6d5c 33371->33372 33373 fb6d8c 33372->33373 33374 fb6d7e GetCurrentProcess 33372->33374 33373->33209 33375 fbe620 GetWindowsDirectoryA 33373->33375 33374->33373 33376 fbe688 33375->33376 33377 fbe6ec 33376->33377 33378 fd8900 58 API calls 33376->33378 33377->33215 33379 fbe6a1 33378->33379 33380 fc5bb0 58 API calls 33379->33380 33380->33377 33382 fcde84 codecvt 33381->33382 33402 fc4780 33382->33402 33386 fc436d __write_nolock 33385->33386 33387 fb1da0 WaitForSingleObject 33386->33387 33388 fc43d5 33387->33388 33389 fc43f6 CreateFileA 33388->33389 33390 fc43e1 33388->33390 33392 fc4418 33389->33392 33395 fc442e 
___check_float_string 33389->33395 33418 fb6df0 ReleaseMutex 33390->33418 33419 fb6df0 ReleaseMutex 33392->33419 33394 fc43ec 33394->33224 33394->33226 33396 fc449d WriteFile 33395->33396 33396->33395 33397 fc4549 CloseHandle 33396->33397 33420 fb6df0 ReleaseMutex 33397->33420 33399 fc455e 33399->33394 33400->33255 33401->33256 33405 fb8950 33402->33405 33406 fb8960 _DebugHeapAllocator 33405->33406 33409 fc7dd0 33406->33409 33408 fb8970 33408->33216 33410 fc7de3 _DebugHeapAllocator 33409->33410 33411 fc7e0a 33410->33411 33412 fc7dea std::ios_base::clear 33410->33412 33417 fbbea0 59 API calls 2 library calls 33411->33417 33416 fbe390 59 API calls 4 library calls 33412->33416 33415 fc7e08 std::ios_base::clear char_traits 33415->33408 33416->33415 33417->33415 33418->33394 33419->33394 33420->33399 33421->33302 33422->33305 33423->33304 33425 fb8e9a 33424->33425 33426 fd8e91 59 API calls 33425->33426 33427 fb8ed3 CreateFileA 33426->33427 33428 fb91ec 33427->33428 33429 fb8f05 ReadFile CloseHandle 33427->33429 33428->33308 33446 fce430 33429->33446 33432 fb8f5c 33432->33432 33433 fd8900 58 API calls 33432->33433 33434 fb9080 33433->33434 33434->33434 33435 fc5bb0 58 API calls 33434->33435 33436 fb90f1 33435->33436 33437 fb915b CreateFileA 33436->33437 33438 fd8900 58 API calls 33436->33438 33437->33428 33439 fb917d WriteFile CloseHandle 33437->33439 33440 fb9106 33438->33440 33439->33428 33448 fdb534 83 API calls 3 library calls 33440->33448 33443 fb914a 33444 fc5bb0 58 API calls 33443->33444 33445 fb9158 33444->33445 33445->33437 33447 fb8f49 GetTickCount 33446->33447 33447->33432 33448->33443 33450 fda48d __setmbcp 33449->33450 33451 fe050d __lock 51 API calls 33450->33451 33452 fda494 33451->33452 33453 fda4c2 DecodePointer 33452->33453 33455 fda54d _doexit 33452->33455 33453->33455 33456 fda4d9 DecodePointer 33453->33456 33469 fda59b 33455->33469 33462 fda4e9 33456->33462 33458 fda5aa __setmbcp 33458->33325 33460 fda4f6 EncodePointer 33460->33462 33461 fda592 33463 
fda17e _doexit 3 API calls 33461->33463 33462->33455 33462->33460 33464 fda506 DecodePointer EncodePointer 33462->33464 33465 fda59b 33463->33465 33467 fda518 DecodePointer DecodePointer 33464->33467 33466 fda5a8 33465->33466 33474 fe0697 LeaveCriticalSection 33465->33474 33466->33325 33467->33462 33470 fda57b 33469->33470 33471 fda5a1 33469->33471 33470->33458 33473 fe0697 LeaveCriticalSection 33470->33473 33475 fe0697 LeaveCriticalSection 33471->33475 33473->33461 33474->33466 33475->33470 33477 fda7bd __time64 33476->33477 33477->33330 33479 fdeccc 33478->33479 33479->33334 33479->33479
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00FCECF9
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FCED7D
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?), ref: 00FCEF7A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF009
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF0CA
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF194
                                                                                                                                                                                                                  • Part of subcall function 00FD8900: _malloc.LIBCMT ref: 00FD897B
                                                                                                                                                                                                                  • Part of subcall function 00FC5BB0: _memset.LIBCMT ref: 00FC5C01
                                                                                                                                                                                                                  • Part of subcall function 00FC5BB0: _free.LIBCMT ref: 00FC5C43
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF2E2
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF320
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF35E
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF39C
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF3DA
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF418
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF47E
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF4F9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF57A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF670
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF6AF
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF77F
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF7FC
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF853
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCF9FD
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCFA3C
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCFA7B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCFAD8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCFB4E
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCFBE8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCFC27
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCFCA7
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCFCE5
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCFD53
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCFD91
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCFDCF
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCFE4A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCFE89
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCFEC8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCFF70
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FCFFAE
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0013
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0051
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD00B9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD00F7
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD024B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD028A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD02D5
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0314
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0353
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD03BC
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD041D
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD04E0
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD054B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD065A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0699
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0790
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD07D9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0838
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0877
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD08E6
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0925
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0964
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD09D3
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0AE9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0BD4
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0C52
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0CD9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0D2B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0D6A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0E21
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00FD0EA6
                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?), ref: 00FD0EF6
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 00FD0F92
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00FD0FEE
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00FD102D
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00FD10E2
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00FD1131
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00FD118A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00FD11C9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00FD1208
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00FD12B9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00FD12F8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00FD14DB
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00FD15E0
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00FD1634
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00FD1673
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00FD16B2
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00FD1730
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00FD176E
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00FD17E5
                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?), ref: 00FD18B9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD18F8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD1990
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD19CF
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD1A26
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD1A89
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD1AD8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD1B3B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD1BAA
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD1C18
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD1D36
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD1D75
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD1DB4
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD1DF3
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD1E32
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD1E89
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD1EF0
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD1FA7
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD201D
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD205B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD2118
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD2175
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD21B4
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD21F3
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD2232
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00FD2299
                                                                                                                                                                                                                  • Part of subcall function 00FB7DE0: GetSystemTime.KERNEL32(?,?,?,?,?,?,00FB74FC), ref: 00FB7E5C
                                                                                                                                                                                                                  • Part of subcall function 00FB7DE0: GetTickCount.KERNEL32 ref: 00FB7EEF
                                                                                                                                                                                                                • GetEnvironmentVariableA.KERNEL32(?,C:\Users\user,00000104), ref: 00FD233E
                                                                                                                                                                                                                • CreateMutexA.KERNELBASE(00000000,00000000,00000000), ref: 00FD2391
                                                                                                                                                                                                                • CreateMutexA.KERNELBASE(00000000,00000000,00000000), ref: 00FD23AC
                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 00FD23BD
                                                                                                                                                                                                                  • Part of subcall function 00FD94DD: _malloc.LIBCMT ref: 00FD94F5
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00FD2543
                                                                                                                                                                                                                • __itow.LIBCMT ref: 00FD254A
                                                                                                                                                                                                                  • Part of subcall function 00FCACD0: GetVersionExA.KERNEL32(01016DB8), ref: 00FCAD42
                                                                                                                                                                                                                  • Part of subcall function 00FCACD0: CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 00FCAE1E
                                                                                                                                                                                                                • __stat32i64.LIBCMT ref: 00FD2A37
                                                                                                                                                                                                                  • Part of subcall function 00FDA7E0: ___copy_path_to_wide_string.LIBCMT ref: 00FDA7F5
                                                                                                                                                                                                                • Sleep.KERNEL32(00000D05), ref: 00FD2A7E
                                                                                                                                                                                                                • __stat32i64.LIBCMT ref: 00FD2A92
                                                                                                                                                                                                                  • Part of subcall function 00FDA7E0: __wstat64i32.LIBCMT ref: 00FDA80D
                                                                                                                                                                                                                  • Part of subcall function 00FDA7E0: _free.LIBCMT ref: 00FDA817
                                                                                                                                                                                                                • Sleep.KERNEL32(000007D0), ref: 00FD2C44
                                                                                                                                                                                                                • __stat32i64.LIBCMT ref: 00FD2C57
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000200), ref: 00FD2C8C
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(00000000,00000080), ref: 00FD2C9B
                                                                                                                                                                                                                • CopyFileA.KERNEL32(?,00000000,00000000), ref: 00FD2CE0
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(00000000,00000002), ref: 00FD2F2B
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(00000000,00000080), ref: 00FD2F3C
                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8), ref: 00FD302E
                                                                                                                                                                                                                • GetCommandLineA.KERNEL32 ref: 00FD3071
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000000,00000200), ref: 00FD313E
                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?), ref: 00FD3379
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?), ref: 00FD33B9
                                                                                                                                                                                                                • MessageBoxA.USER32(00000000,?,?,?), ref: 00FD3490
                                                                                                                                                                                                                • WSAStartup.WS2_32(00000202,?), ref: 00FD3912
                                                                                                                                                                                                                  • Part of subcall function 00FC1CE0: _strstr.LIBCMT ref: 00FC1CEB
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00FD3AA1
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000080), ref: 00FD3AB3
                                                                                                                                                                                                                • CopyFileA.KERNEL32(00000000,?,00000000), ref: 00FD3AC9
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000002), ref: 00FD3AE0
                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8), ref: 00FD3B3C
                                                                                                                                                                                                                  • Part of subcall function 00FC4900: _memset.LIBCMT ref: 00FC4A25
                                                                                                                                                                                                                • Sleep.KERNEL32(000007D0), ref: 00FD3BD1
                                                                                                                                                                                                                  • Part of subcall function 00FDAE47: __fsopen.LIBCMT ref: 00FDAE52
                                                                                                                                                                                                                  • Part of subcall function 00FB2240: Sleep.KERNEL32(000003E8), ref: 00FB22FA
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(01017090,00000080), ref: 00FD3BE3
                                                                                                                                                                                                                • CopyFileA.KERNEL32(00000000,01017090,00000000), ref: 00FD3BF7
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(01017090,00000002), ref: 00FD3C44
                                                                                                                                                                                                                  • Part of subcall function 00FC6E60: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00FC6EEE
                                                                                                                                                                                                                  • Part of subcall function 00FC6E60: Process32First.KERNEL32(00000000,00000128), ref: 00FC6F71
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 00FD3E23
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FD3EF4
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FD3F0A
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00007390,00000000,00000000,00000000), ref: 00FD3F21
                                                                                                                                                                                                                • Sleep.KERNEL32(0000C350), ref: 00FD3F63
                                                                                                                                                                                                                • GetCommandLineA.KERNEL32 ref: 00FD263F
                                                                                                                                                                                                                  • Part of subcall function 00FDA5B0: _doexit.LIBCMT ref: 00FDA5BA
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$File$AttributesSleep$Create$_memset$LibraryLoad$CopyModuleMutex__stat32i64_malloc$CommandCountHandleLineNameTick_free$CloseDirectoryEnvironmentFirstMessageProcess32SnapshotStartupSystemThreadTimeToolhelp32VariableVersion___copy_path_to_wide_string__fsopen__itow__snprintf__wstat64i32_doexit_strstr
                                                                                                                                                                                                                • String ID: C:\Users\user$q
                                                                                                                                                                                                                • API String ID: 3963012180-181273578
                                                                                                                                                                                                                • Opcode ID: 6dc53f850369943af7d3401aec66e2ca7aeb9477b3816a8c7a50745632de9f39
                                                                                                                                                                                                                • Instruction ID: 25b39db02f9e2db8f28af90c955f5e943879a48aef52ad00eb90fd3e2d374c60
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6dc53f850369943af7d3401aec66e2ca7aeb9477b3816a8c7a50745632de9f39
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4BA3BE71D00A089FC322DF74EC42BA9B775BF8A704F04824AF5896B249EB7E5980DF51

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                [Control-flow graph of the function at 00FCACD0; legend: Executed / Not Executed. Graph data not reproduced.]
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetVersionExA.KERNEL32(01016DB8), ref: 00FCAD42
                                                                                                                                                                                                                  • Part of subcall function 00FBA200: AllocateAndInitializeSid.ADVAPI32(00000000,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00FBA311
                                                                                                                                                                                                                  • Part of subcall function 00FBA200: CheckTokenMembership.KERNELBASE(00000000,?,00000000), ref: 00FBA349
                                                                                                                                                                                                                  • Part of subcall function 00FB6CA0: GetProcAddress.KERNEL32(74DD0000,?), ref: 00FB6CE8
                                                                                                                                                                                                                  • Part of subcall function 00FB6CA0: GetCurrentProcess.KERNEL32(00000000), ref: 00FB6D82
                                                                                                                                                                                                                • CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 00FCAE1E
                                                                                                                                                                                                                • DeleteFileA.KERNELBASE(00000000,?,?,?,?,?,?), ref: 00FCB079
                                                                                                                                                                                                                • RemoveDirectoryA.KERNELBASE(00000000,?,?,?,?,?,?), ref: 00FCB0D8
                                                                                                                                                                                                                  • Part of subcall function 00FBE620: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00FBE679
                                                                                                                                                                                                                • CreateDirectoryA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?), ref: 00FCB200
                                                                                                                                                                                                                • CreateDirectoryA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,?), ref: 00FCB275
                                                                                                                                                                                                                  • Part of subcall function 00FC5BB0: _memset.LIBCMT ref: 00FC5C01
                                                                                                                                                                                                                  • Part of subcall function 00FC5BB0: _free.LIBCMT ref: 00FC5C43
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 00FCB516
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 00FCB55E
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00FCB624
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00FCB692
                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,00000000,?,?,?,?,?,?), ref: 00FCB7D5
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?), ref: 00FCB8FB
                                                                                                                                                                                                                  • Part of subcall function 00FD8900: _malloc.LIBCMT ref: 00FD897B
                                                                                                                                                                                                                  • Part of subcall function 00FC4360: CreateFileA.KERNELBASE(00000002,40000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 00FC4409
                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,00000000,?,?,?,?,?,?), ref: 00FCBA2E
                                                                                                                                                                                                                • SetFileAttributesA.KERNELBASE(00000000,00000002,?,?,?,?,?,?,?), ref: 00FCBBEE
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FCBCFC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Directory$Create$File$PathTemp__snprintf_memset$AddressAllocateAttributesCheckCurrentDeleteInitializeMembershipProcProcessRemoveTokenVersionWindows_free_malloc
                                                                                                                                                                                                                • String ID: C:\Users\user$\
                                                                                                                                                                                                                • API String ID: 3801090003-732849219
                                                                                                                                                                                                                • Opcode ID: 86541eedbb1b384438bfcb0de3b46e3aeb4602502e3b30725a89af5689b5d61a
                                                                                                                                                                                                                • Instruction ID: 3a43395cb1460ea2d2593f3a8cf50f27cc2c6199507f5873b9cf9acbe6b74307
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 86541eedbb1b384438bfcb0de3b46e3aeb4602502e3b30725a89af5689b5d61a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AAA2AE75D006498FCB26CFA4DC51BEDB7B1BF8A304F148299E44A7B245EB7A1A84DF40

Control-flow Graph (image not reproduced): first block fc0e80-fc0ea1; API calls named in the graph: Sleep, FindFirstFileA, DeleteFileA, FindNextFileA, FindClose.
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • Sleep.KERNELBASE(000003E8), ref: 00FC1037
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                                • Opcode ID: d50c63d4d2296531ffaa48641cfb1572f06ed7fafbdfddaac75403078334405f
                                                                                                                                                                                                                • Instruction ID: c2431d243683c21be4d0e133d05c5911b2eb00e3e1b7906dae69c46ee31109d5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d50c63d4d2296531ffaa48641cfb1572f06ed7fafbdfddaac75403078334405f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 26E19D75C006489FCB26CFB9E9416ADBBB1BF8A304F148349E8867B249D77E1985CF50

Control-flow Graph (image not reproduced): first block fba200-fba28a; API calls named in the graph: AllocateAndInitializeSid, CheckTokenMembership, FreeSid.
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(00000000,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00FBA311
                                                                                                                                                                                                                • CheckTokenMembership.KERNELBASE(00000000,?,00000000), ref: 00FBA349
                                                                                                                                                                                                                • FreeSid.ADVAPI32(?), ref: 00FBA42F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3429775523-0
                                                                                                                                                                                                                • Opcode ID: 6a71c2366f273330a78884de527997c8651c6400e332786b2ab53b134a9db61c
                                                                                                                                                                                                                • Instruction ID: 8fc18b5b4d4a0a712512fe686dfec16d5777591c9c139f228ccf4339041ce20c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a71c2366f273330a78884de527997c8651c6400e332786b2ab53b134a9db61c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D515571810A49CEC327CFB9E85136AB774BF9B345F54830AE4867F149EBBE60859B40

Control-flow Graph (image not reproduced): first block fdeea4-fdeed6; API call named in the graph: GetCommandLineA.
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __amsg_exit_fast_error_exit$___crt$CommandEnvironmentInfoInitializeLineModeShowStartupStringsWindow___security_init_cookie__cinit__ioinit__setargv__setenvp__wincmdln
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 722230336-0
                                                                                                                                                                                                                • Opcode ID: 3962b0bc3c76969e73a2bdc703d59d362b93c80a7f356f6f4b4d4d68f1540dfe
                                                                                                                                                                                                                • Instruction ID: fa41bf34381890e1f175f8c53c53a6e00f92169fe70ff65960d332abdc6fc0af
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3962b0bc3c76969e73a2bdc703d59d362b93c80a7f356f6f4b4d4d68f1540dfe
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF21E221A0034599EB2077B29D47B2E33566F10762F1C017BF6049F2C3EEBDC941B6A6

Control-flow Graph (image not reproduced): first block fb8e40-fb8e98; API calls named in the graph: CreateFileA, ReadFile, CloseHandle, GetTickCount, WriteFile.
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00FB8EF2
                                                                                                                                                                                                                • ReadFile.KERNELBASE(000000FF,?,?,?,00000000), ref: 00FB8F17
                                                                                                                                                                                                                • CloseHandle.KERNEL32(000000FF), ref: 00FB8F35
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00FB8F4C
                                                                                                                                                                                                                  • Part of subcall function 00FD8900: _malloc.LIBCMT ref: 00FD897B
                                                                                                                                                                                                                • _sprintf.LIBCMT ref: 00FB9145
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00000001,40000000,00000000,00000000,00000002,00000000,00000000), ref: 00FB916E
                                                                                                                                                                                                                • WriteFile.KERNELBASE(000000FF,?,?,?,00000000), ref: 00FB91DC
                                                                                                                                                                                                                • CloseHandle.KERNEL32(000000FF), ref: 00FB91E6
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$CloseCreateHandle$CountReadTickWrite_malloc_sprintf
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3359727986-0

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 1185 fc7e90-fc7f58 call fdecc0 CreateProcessA 1188 fc7f5a-fc7fa0 CloseHandle * 2 1185->1188 1189 fc7fa5-fc7fa8 1185->1189 1188->1189
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FC7EFC
                                                                                                                                                                                                                • CreateProcessA.KERNELBASE(?,00FB1B70,00000000,00000000,00000000,00000008,00000000,00000000,00000044,?), ref: 00FC7F50
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00FB1B70), ref: 00FC7F5E
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00FC7F68
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandle$CreateProcess_memset
                                                                                                                                                                                                                • String ID: D
                                                                                                                                                                                                                • API String ID: 3113380336-2746444292

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset
                                                                                                                                                                                                                • String ID: q
                                                                                                                                                                                                                • API String ID: 2102423945-389260800

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 1302 fc4360-fc43df call fdb610 call fb1da0 1307 fc43f6-fc4416 CreateFileA 1302->1307 1308 fc43e1-fc43f1 call fb6df0 1302->1308 1310 fc442e-fc443e 1307->1310 1311 fc4418-fc4429 call fb6df0 1307->1311 1315 fc4566-fc4569 1308->1315 1314 fc4446-fc444d 1310->1314 1311->1315 1317 fc444f-fc4455 1314->1317 1318 fc4457 1314->1318 1319 fc445e-fc4543 call fde670 call fd4a20 WriteFile 1317->1319 1318->1319 1319->1314 1324 fc4549-fc4561 CloseHandle call fb6df0 1319->1324 1324->1315
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00FB1DA0: WaitForSingleObject.KERNEL32(00000108,00004E20,?,?,?,?,00FC686C,00000108), ref: 00FB1EBC
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00000002,40000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 00FC4409
                                                                                                                                                                                                                  • Part of subcall function 00FB6DF0: ReleaseMutex.KERNEL32(00FC6B5F,?,00FC6B5F,00000108), ref: 00FB6E07
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFileMutexObjectReleaseSingleWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1564016613-0

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 1327 fd94dd-fd94e3 1328 fd94f2-fd94fd call fda6fd 1327->1328 1331 fd94ff-fd9502 1328->1331 1332 fd94e5-fd94f0 call fdfc1f 1328->1332 1332->1328 1335 fd9503-fd952d call fdf1c4 call fdf37c 1332->1335
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00FD94F5
                                                                                                                                                                                                                  • Part of subcall function 00FDA6FD: __FF_MSGBANNER.LIBCMT ref: 00FDA714
                                                                                                                                                                                                                  • Part of subcall function 00FDA6FD: __NMSG_WRITE.LIBCMT ref: 00FDA71B
                                                                                                                                                                                                                  • Part of subcall function 00FDA6FD: RtlAllocateHeap.NTDLL(00BB0000,00000000,00000001,00000000,00000000,00000000,?,00FDFCE1,00000000,00000000,00000000,00000000,?,00FE05F7,00000018,01013E08), ref: 00FDA740
                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 00FD9513
                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 00FD9528
                                                                                                                                                                                                                  • Part of subcall function 00FDF37C: RaiseException.KERNEL32(?,?,?,01013AD0,?,?,?,?,?,00FD952D,?,01013AD0,00000000,00000001), ref: 00FDF3D1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3074076210-0

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1340 fee043-fee051 1341 fee06e-fee08e call fedec5 LCMapStringW 1340->1341 1342 fee053-fee06d LCMapStringEx 1340->1342
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LCMapStringEx.KERNELBASE(?,?,?,?,?,5EFC4D8B,00000000,00000000,00000000,?,00FEEAA4,?,?,00000000,?,00000000), ref: 00FEE06A
                                                                                                                                                                                                                • LCMapStringW.KERNEL32(00000000,?,?,?,?,5EFC4D8B,?,00FEEAA4,?,?,00000000,?,00000000,00000000), ref: 00FEE087
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: String

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1345 fda17e-fda18d call fda14a ExitProcess
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ___crtCorExitProcess.LIBCMT ref: 00FDA184
                                                                                                                                                                                                                  • Part of subcall function 00FDA14A: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,00FDA189,00000000,?,00FDA72A,000000FF,0000001E,00000000,00000000,00000000,?,00FDFCE1), ref: 00FDA159
                                                                                                                                                                                                                  • Part of subcall function 00FDA14A: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 00FDA16B
                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00FDA18D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExitProcess$AddressHandleModuleProc___crt

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1348 fca370-fca3fc call fb8e40 call fc7e90 call fdecc0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00FB8E40: CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00FB8EF2
                                                                                                                                                                                                                  • Part of subcall function 00FB8E40: ReadFile.KERNELBASE(000000FF,?,?,?,00000000), ref: 00FB8F17
                                                                                                                                                                                                                  • Part of subcall function 00FB8E40: CloseHandle.KERNEL32(000000FF), ref: 00FB8F35
                                                                                                                                                                                                                  • Part of subcall function 00FB8E40: GetTickCount.KERNEL32 ref: 00FB8F4C
                                                                                                                                                                                                                  • Part of subcall function 00FC7E90: _memset.LIBCMT ref: 00FC7EFC
                                                                                                                                                                                                                  • Part of subcall function 00FC7E90: CreateProcessA.KERNELBASE(?,00FB1B70,00000000,00000000,00000000,00000008,00000000,00000000,00000044,?), ref: 00FC7F50
                                                                                                                                                                                                                  • Part of subcall function 00FC7E90: CloseHandle.KERNEL32(00FB1B70), ref: 00FC7F5E
                                                                                                                                                                                                                  • Part of subcall function 00FC7E90: CloseHandle.KERNEL32(?), ref: 00FC7F68
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FCA3F1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandle$CreateFile_memset$CountProcessReadTick

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1355 fda5b0-fda5ba call fda481 1357 fda5bf-fda5c3 1355->1357
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _doexit.LIBCMT ref: 00FDA5BA
                                                                                                                                                                                                                  • Part of subcall function 00FDA481: __lock.LIBCMT ref: 00FDA48F
                                                                                                                                                                                                                  • Part of subcall function 00FDA481: DecodePointer.KERNEL32(01013D00,0000001C,00FDA36E,00000000,00000001,00000000,?,00FDA2BC,000000FF,?,00FE0530,00000011,?,?,00FE2990,0000000D), ref: 00FDA4CE
                                                                                                                                                                                                                  • Part of subcall function 00FDA481: DecodePointer.KERNEL32(?,00FDA2BC,000000FF,?,00FE0530,00000011,?,?,00FE2990,0000000D), ref: 00FDA4DF
                                                                                                                                                                                                                  • Part of subcall function 00FDA481: EncodePointer.KERNEL32(00000000,?,00FDA2BC,000000FF,?,00FE0530,00000011,?,?,00FE2990,0000000D), ref: 00FDA4F8
                                                                                                                                                                                                                  • Part of subcall function 00FDA481: DecodePointer.KERNEL32(-00000004,?,00FDA2BC,000000FF,?,00FE0530,00000011,?,?,00FE2990,0000000D), ref: 00FDA508
                                                                                                                                                                                                                  • Part of subcall function 00FDA481: EncodePointer.KERNEL32(00000000,?,00FDA2BC,000000FF,?,00FE0530,00000011,?,?,00FE2990,0000000D), ref: 00FDA50E
                                                                                                                                                                                                                  • Part of subcall function 00FDA481: DecodePointer.KERNEL32(?,00FDA2BC,000000FF,?,00FE0530,00000011,?,?,00FE2990,0000000D), ref: 00FDA524
                                                                                                                                                                                                                  • Part of subcall function 00FDA481: DecodePointer.KERNEL32(?,00FDA2BC,000000FF,?,00FE0530,00000011,?,?,00FE2990,0000000D), ref: 00FDA52F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Pointer$Decode$Encode$__lock_doexit
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00FD8900: _malloc.LIBCMT ref: 00FD897B
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 00FBE86C
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 00FBE8C8
                                                                                                                                                                                                                  • Part of subcall function 00FC5BB0: _memset.LIBCMT ref: 00FC5C01
                                                                                                                                                                                                                  • Part of subcall function 00FC5BB0: _free.LIBCMT ref: 00FC5C43
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00FBE9D5
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00FBE9F6
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,00000288), ref: 00FBEA2D
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00FBEA40
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00FBEA7B
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,00000288), ref: 00FBEA8B
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00FBEA9E
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FreeHeapLibrary$Alloc$AddressLoadProcProcess_free_malloc_memset
                                                                                                                                                                                                                • String ID: o
                                                                                                                                                                                                                • API String ID: 1160571514-252678980
                                                                                                                                                                                                                • Opcode ID: 3bd0672f816640920835de8c22c0034e3828a4c6944776b3ac5a9921e808bcff
                                                                                                                                                                                                                • Instruction ID: 7667d55fa35fe759fc3bc5f5ee28702c58c18211b4bcfb982d1073751d5b937b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3bd0672f816640920835de8c22c0034e3828a4c6944776b3ac5a9921e808bcff
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E427871D00648DFCB22CFB9D880AEDBBB1BF8A304F148259E485BB245E77A5985DF50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00FD8E80: __time64.LIBCMT ref: 00FD8E87
                                                                                                                                                                                                                  • Part of subcall function 00FD8900: _malloc.LIBCMT ref: 00FD897B
                                                                                                                                                                                                                  • Part of subcall function 00FC5BB0: _memset.LIBCMT ref: 00FC5C01
                                                                                                                                                                                                                  • Part of subcall function 00FC5BB0: _free.LIBCMT ref: 00FC5C43
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 00FBADAE
                                                                                                                                                                                                                • socket.WS2_32(00000002,00000001,00000006), ref: 00FBAF5F
                                                                                                                                                                                                                • setsockopt.WS2_32(000000FF,0000FFFF,00001006,00000000,00000004), ref: 00FBAF95
                                                                                                                                                                                                                • gethostbyname.WS2_32(?), ref: 00FBAFA2
                                                                                                                                                                                                                • inet_ntoa.WS2_32(00000000), ref: 00FBAFEE
                                                                                                                                                                                                                • inet_addr.WS2_32(00000000), ref: 00FBAFF5
                                                                                                                                                                                                                • htons.WS2_32(00000050), ref: 00FBB003
                                                                                                                                                                                                                • connect.WS2_32(000000FF,?,00000010), ref: 00FBB01D
                                                                                                                                                                                                                • send.WS2_32(000000FF,00000000,00000000,00000000), ref: 00FBB089
                                                                                                                                                                                                                • recv.WS2_32(000000FF,?,00000400,00000000), ref: 00FBB139
                                                                                                                                                                                                                • closesocket.WS2_32(000000FF), ref: 00FBB3D1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __snprintf__time64_free_malloc_memsetclosesocketconnectgethostbynamehtonsinet_addrinet_ntoarecvsendsetsockoptsocket
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4080495170-0
                                                                                                                                                                                                                • Opcode ID: b709bc1197f3f5abe59ad8893c66b5a27e3cc583cba188abf0163a0525cb0953
                                                                                                                                                                                                                • Instruction ID: 05c44537642f05b04f4b13349192fc15f6688f0b8a3e8bbe85b3ba9103b942ba
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b709bc1197f3f5abe59ad8893c66b5a27e3cc583cba188abf0163a0525cb0953
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 67827971900A08DFC722CFB5EC51AAEB775BF8A344F108249E4467B289EB7E5981DF50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InfoLocale___crt__calloc_crt_free$ErrorFeatureLastPresentProcessor
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4163210287-0
                                                                                                                                                                                                                • Opcode ID: f57c849764f72c77416599222a40f5f9ba1c075d293310a7a9e0d0d168a5e4c4
                                                                                                                                                                                                                • Instruction ID: 6b7dcb4472d159c0c5638cdfe84aa84307961162803e6fde9a2bfc1a56bd262a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f57c849764f72c77416599222a40f5f9ba1c075d293310a7a9e0d0d168a5e4c4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E51CA75D0021AABEF219F25DC42FAA7B7AEF14320F1840A7F94DD6241EB35CD54AB60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenSCManagerA.ADVAPI32(00000000,00000000,00000002), ref: 00FC8E53
                                                                                                                                                                                                                • CreateServiceA.ADVAPI32(00000000,00BC4A48,00BC4A48,000F01FF,00000110,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00FC8E94
                                                                                                                                                                                                                • ChangeServiceConfig2A.ADVAPI32(00000000,00000001,?), ref: 00FC8F35
                                                                                                                                                                                                                • StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00FC8F6C
                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00FC8F76
                                                                                                                                                                                                                • OpenServiceA.ADVAPI32(00000000,00BC4A48,00000010), ref: 00FC8FD5
                                                                                                                                                                                                                • StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00FC8FEC
                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00FC8FF6
                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00FC9000
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Service$CloseHandle$OpenStart$ChangeConfig2CreateManager
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3525021261-0
                                                                                                                                                                                                                • Opcode ID: 8f8ad555f3682e42e93bd8bfe5301ddde7ed5d16276b9bd5d70ab30926a14e97
                                                                                                                                                                                                                • Instruction ID: e54509d11af6a1307d13bbfbe713088775e11d8d56de57e82d98212f4bf4716f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8f8ad555f3682e42e93bd8bfe5301ddde7ed5d16276b9bd5d70ab30926a14e97
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32515E75900B049FC326DFB4EC65B5AB775BBCA741F408209F5866B288EB7F5481CB40
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00FC6094
                                                                                                                                                                                                                • Process32First.KERNEL32(00000000,00000128), ref: 00FC6155
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 00FC620C
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000008,?,00000000), ref: 00FC623A
                                                                                                                                                                                                                • Module32First.KERNEL32(0000000D,00000224), ref: 00FC62A8
                                                                                                                                                                                                                • CloseHandle.KERNEL32(0000000D,0000000A,?,00FBD9E3), ref: 00FC6311
                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,00000128), ref: 00FC632C
                                                                                                                                                                                                                  • Part of subcall function 00FD8900: _malloc.LIBCMT ref: 00FD897B
                                                                                                                                                                                                                  • Part of subcall function 00FC5BB0: _memset.LIBCMT ref: 00FC5C01
                                                                                                                                                                                                                  • Part of subcall function 00FC5BB0: _free.LIBCMT ref: 00FC5C43
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFirstProcess32SnapshotToolhelp32$CloseHandleModule32Next__snprintf_free_malloc_memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2771089087-0
                                                                                                                                                                                                                • Opcode ID: 9cf822268585e253b51b0beeba740ef09258df74017714f785e3fe367b4cb702
                                                                                                                                                                                                                • Instruction ID: fb16c94c29f512903c649b817485ac0d330a2a8904ff0a41335f9393e5511dcb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9cf822268585e253b51b0beeba740ef09258df74017714f785e3fe367b4cb702
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8581F071900609DFC726DFB4EC52BADB775BF8A700F008219E549AB248EBBE5681DF50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenSCManagerA.ADVAPI32(00000000,00000000,80000000), ref: 00FCC644
                                                                                                                                                                                                                • EnumServicesStatusA.ADVAPI32(00000000,00000030,00000003,?,00000024,?,?,00000000), ref: 00FCC6C5
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00FCC6CE
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00FCC70F
                                                                                                                                                                                                                • EnumServicesStatusA.ADVAPI32(00000000,00000030,00000003,00000000,?,?,?,00000000), ref: 00FCC740
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 00FCC7A9
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FCC7EF
                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00FCC7FB
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: EnumServicesStatus$CloseErrorHandleLastManagerOpenService__snprintf_free_malloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3403677689-0
                                                                                                                                                                                                                • Opcode ID: 4885de482e3cb8b53f34a4cf24decd4807bc010f99737cd12a4b2ede1e3ae3f2
                                                                                                                                                                                                                • Instruction ID: 82da0c0dd1293b29c9f2bf19f749c1c25fffbe06d18b47485a2ed2961415858c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4885de482e3cb8b53f34a4cf24decd4807bc010f99737cd12a4b2ede1e3ae3f2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82719071D00608DFCB16CFA4DD92BAEB779BF8A340F108219E5067B284E77E5981DB50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _wcscmp.LIBCMT ref: 00FFEE8A
                                                                                                                                                                                                                • _wcscmp.LIBCMT ref: 00FFEE9B
                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,00FFF139,?,00000000), ref: 00FFEEB7
                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,00FFF139,?,00000000), ref: 00FFEEE1
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InfoLocale_wcscmp
                                                                                                                                                                                                                • String ID: ACP$OCP
                                                                                                                                                                                                                • API String ID: 1351282208-711371036
                                                                                                                                                                                                                • Opcode ID: e12e736815c66e06675ce1229f19a05ec44b1e2297c331d68e405d6f2a898511
                                                                                                                                                                                                                • Instruction ID: b16272142c028db6cc29f9712f6f8ed632f58fd341dcda8c877dcb6d61baddb3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e12e736815c66e06675ce1229f19a05ec44b1e2297c331d68e405d6f2a898511
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2601C03224110DAADB21DE69EC05FE6339AAF04774F058425F744DA1B0E734EA80E7D0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: NP9$`gT
                                                                                                                                                                                                                • API String ID: 0-354968042
                                                                                                                                                                                                                • Opcode ID: 3b36fb32fa7b6cb5968348bb3943cd994dd7e94389eda9c62de4040656caaa8f
                                                                                                                                                                                                                • Instruction ID: 5c9ce19b18383def3501eb4c36dd18b066bc7aa4b0a2fd8b8517d5cfdcbeefe5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b36fb32fa7b6cb5968348bb3943cd994dd7e94389eda9c62de4040656caaa8f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08534C71D00A09DFC71ACFA9D890AADF7B2FFCA344B10C259D456AB249E7396681CF44
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetSystemTime.KERNEL32(?,?,?,?,?,?,00FB74FC), ref: 00FB7E5C
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00FB7EEF
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CountSystemTickTime
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2164215191-0
                                                                                                                                                                                                                • Opcode ID: 95a7b7f330f3f2eb1be96cae83a966d63f7606cf34e706cd224ee9d163d6893a
                                                                                                                                                                                                                • Instruction ID: e162a86cfde917da19b3dfa53b008d804a66652ff9ae23a38fbb7eb2d5be76b7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 95a7b7f330f3f2eb1be96cae83a966d63f7606cf34e706cd224ee9d163d6893a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3313D71C10B08DEC723DFB4E96066EB775BF8A345F50834AE4467A109EB7E5681DB80
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FE031D
                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,00000000), ref: 00FE03D2
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
Similarity
• API ID: DebuggerPresent_memset
• String ID:
• API String ID: 2328436684-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,00FE03E6,?,?,?,00000000), ref: 00FE0CE1
• UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 00FE0CEA
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
Strings
Similarity
• API ID:
• String ID: @$^5Z
• API String ID: 0-2270632777
APIs
• StartServiceCtrlDispatcherA.ADVAPI32(?), ref: 00FCD685
Similarity
• API ID: CtrlDispatcherServiceStart
• String ID:
• API String ID: 3789849863-0
APIs
• EnumSystemLocalesW.KERNEL32(Function_0003DEEF,00000001), ref: 00FEDF31
Similarity
• API ID: EnumLocalesSystem
• String ID:
• API String ID: 2099609381-0
APIs
• GetLocaleInfoW.KERNEL32(00000000,?,00000002,?,?,00FDFB84,?,?,?,00000002), ref: 00FEDFB0
Similarity
• API ID: InfoLocale
• String ID:
• API String ID: 2299586839-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,00FEBE4A,00FEBDFF,?,00000000,00000000,00000000,00000000), ref: 00FE0CB1
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreatePipe.KERNEL32(00000020,?,0000000C,00000000), ref: 00FC1666
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreatePipe
                                                                                                                                                                                                                • String ID: D
                                                                                                                                                                                                                • API String ID: 2719314638-2746444292
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: DecodePointer_write_multi_char_write_string$__aulldvrm__cftof_free_strlen
                                                                                                                                                                                                                • String ID: -$g
                                                                                                                                                                                                                • API String ID: 559064418-3991542268
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1503006713-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • DecodePointer.KERNEL32 ref: 00FDA19C
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FDA1B5
                                                                                                                                                                                                                  • Part of subcall function 00FDA688: RtlFreeHeap.NTDLL(00000000,00000000,?,00FE2938,00000000,00FE0F5F,00FEE22D,00000000,?,00FDFC97,?,?,00000000), ref: 00FDA69C
                                                                                                                                                                                                                  • Part of subcall function 00FDA688: GetLastError.KERNEL32(00000000,?,00FE2938,00000000,00FE0F5F,00FEE22D,00000000,?,00FDFC97,?,?,00000000,?,?,?,00FE2A32), ref: 00FDA6AE
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FDA1C8
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FDA1E6
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FDA1F8
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FDA209
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FDA214
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FDA238
                                                                                                                                                                                                                • EncodePointer.KERNEL32(00BC2320), ref: 00FDA23F
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FDA254
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FDA26A
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FDA292
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3064303923-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__wsetlocale_nolock_wcscmp
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1077091919-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: DecodePointer_write_multi_char$_write_string$__aulldvrm__cftof_free_strlen
                                                                                                                                                                                                                • String ID: -
                                                                                                                                                                                                                • API String ID: 1678825546-2547889144
                                                                                                                                                                                                                • Opcode ID: ceb0f4472a6984bb1c83caa1167ed3bcf480d19cc91b79e325e02a10c75ef682
                                                                                                                                                                                                                • Instruction ID: 1a9f253ee1282f7459af2d5c9ed075b04176b45cb1ca005e3bfdbb93fd9f927c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ceb0f4472a6984bb1c83caa1167ed3bcf480d19cc91b79e325e02a10c75ef682
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0871B371E052A99EEF30AB56CC88BA9B7B5EF44350F1400D9D90CA7281DB349F85EF50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 00FD9398
                                                                                                                                                                                                                  • Part of subcall function 00FDF19F: std::exception::_Copy_str.LIBCMT ref: 00FDF1B8
                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 00FD93AD
                                                                                                                                                                                                                  • Part of subcall function 00FDF37C: RaiseException.KERNEL32(?,?,?,01013AD0,?,?,?,?,?,00FD952D,?,01013AD0,00000000,00000001), ref: 00FDF3D1
                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 00FD93C6
                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 00FD93DB
                                                                                                                                                                                                                • std::regex_error::regex_error.LIBCPMT ref: 00FD93ED
                                                                                                                                                                                                                  • Part of subcall function 00FD905C: std::exception::exception.LIBCMT ref: 00FD9076
                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 00FD93FB
                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 00FD9414
                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 00FD9429
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaisestd::exception::_std::regex_error::regex_error
                                                                                                                                                                                                                • String ID: bad function call
                                                                                                                                                                                                                • API String ID: 2464034642-3612616537
                                                                                                                                                                                                                • Opcode ID: afd48d4bda9fe2ad74c5d5b2624b73a4148a74b81483541334f2a2f5e02ad866
                                                                                                                                                                                                                • Instruction ID: a2d1eae734472ff8a8e384a9564e17c9e64cdda206f44dda78762de0c1a157d3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: afd48d4bda9fe2ad74c5d5b2624b73a4148a74b81483541334f2a2f5e02ad866
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0911BC74C0020CBBCF05FFA5C886CCDBBBDFB14244F448566B9599B245EB78A3499B90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00FC5BB0: _memset.LIBCMT ref: 00FC5C01
                                                                                                                                                                                                                  • Part of subcall function 00FC5BB0: _free.LIBCMT ref: 00FC5C43
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 00FB839B
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 00FB83FE
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FB8505
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FB851B
                                                                                                                                                                                                                • Sleep.KERNEL32(00015F90), ref: 00FB8528
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 00FB8535
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FB8549
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset$File$DeleteModuleNameSleep__snprintf_free
                                                                                                                                                                                                                • String ID: rj3.
                                                                                                                                                                                                                • API String ID: 3733618472-2374996226
                                                                                                                                                                                                                • Opcode ID: 7e23d9bb2f5471d997a8b9c498692c472dc33b60685fd48644e5773df8a4b9f5
                                                                                                                                                                                                                • Instruction ID: 30a9cecb2a4deabfce5dcec0da1cecc8ee5d74238f38e08ccb20333af3dedc2e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7e23d9bb2f5471d997a8b9c498692c472dc33b60685fd48644e5773df8a4b9f5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46D1E071C006089FC726DFB9EC81AADB775BFCA304F048219E485AB249EB7E6585DF50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _write_multi_char$_write_string$__cftof_free
                                                                                                                                                                                                                • String ID: -
                                                                                                                                                                                                                • API String ID: 2964551433-2547889144
                                                                                                                                                                                                                • Opcode ID: f507755618922d85354abb820563d35445fadce7259c00d7273c23996d589cbe
                                                                                                                                                                                                                • Instruction ID: 6bbc14e9f51eb5814a29f7495db1dbdef453e93622392a828db916cffd8c6503
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f507755618922d85354abb820563d35445fadce7259c00d7273c23996d589cbe
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FC515271E012699EDF31AAA5CC89BE977B5BF08350F0400D9E90CA6291DB399F86DF10
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _write_multi_char$_write_string$__cftof_free
                                                                                                                                                                                                                • String ID: -
                                                                                                                                                                                                                • API String ID: 2964551433-2547889144
                                                                                                                                                                                                                • Opcode ID: 3347109e46d25c19d8e06fc2ecfa29749a9d3cab0da34901eb119b10fe66e151
                                                                                                                                                                                                                • Instruction ID: 8681246f04b2c42e146fe1f87aad02716dfcc901901630cc71f41b6bed86387e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3347109e46d25c19d8e06fc2ecfa29749a9d3cab0da34901eb119b10fe66e151
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93516271E011699EDF31AAA5CC89BE977B5BF08350F0400D9E90CA6291DB399F86DF10
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetHandleInformation.KERNEL32(00000000,00000001,00000000), ref: 00FC16CF
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FC16EE
                                                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 00FC1752
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000020,?,00000000), ref: 00FC178D
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00FC181F
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00FC56E4), ref: 00FC1829
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000020), ref: 00FC1833
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00FC1843
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Handle$Close$CreateFileInformationProcessWrite_memset
                                                                                                                                                                                                                • String ID: D
                                                                                                                                                                                                                • API String ID: 3900862288-2746444292
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00FC6EEE
                                                                                                                                                                                                                • Process32First.KERNEL32(00000000,00000128), ref: 00FC6F71
                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00FC70A5
                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,000000FF), ref: 00FC70F8
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00FC7102
                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,00000128), ref: 00FC711D
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00FC712F
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FC7143
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32_memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3095088415-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegisterServiceCtrlHandlerA.ADVAPI32(00BC4A48,Function_00015800), ref: 00FC7C94
                                                                                                                                                                                                                • SetServiceStatus.ADVAPI32(00000000,01017070), ref: 00FC7CC2
                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00FC7CD0
                                                                                                                                                                                                                • SetServiceStatus.ADVAPI32(00000000,01017070), ref: 00FC7D1E
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00001388), ref: 00FC7D2F
                                                                                                                                                                                                                • SetServiceStatus.ADVAPI32(00000000,01017070), ref: 00FC7D61
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00FC7D6D
                                                                                                                                                                                                                • SetServiceStatus.ADVAPI32(00000000,01017070), ref: 00FC7DBB
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Service$Status$CloseCreateCtrlEventHandleHandlerObjectRegisterSingleWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3399922960-0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: #
                                                                                                                                                                                                                • API String ID: 0-1885708031
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ___unDName.LIBCMT ref: 00FEAFAB
                                                                                                                                                                                                                • _strlen.LIBCMT ref: 00FEAFBE
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00FEAFDA
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00FEAFEC
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00FEAFFD
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FEB046
                                                                                                                                                                                                                  • Part of subcall function 00FE047D: IsProcessorFeaturePresent.KERNEL32(00000017,00FE0451,00000000,?,?,?,?,?,00FE045E,00000000,00000000,00000000,00000000,00000000,00FEC360), ref: 00FE047F
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FEB03F
                                                                                                                                                                                                                  • Part of subcall function 00FDA688: RtlFreeHeap.NTDLL(00000000,00000000,?,00FE2938,00000000,00FE0F5F,00FEE22D,00000000,?,00FDFC97,?,?,00000000), ref: 00FDA69C
                                                                                                                                                                                                                  • Part of subcall function 00FDA688: GetLastError.KERNEL32(00000000,?,00FE2938,00000000,00FE0F5F,00FEE22D,00000000,?,00FDFC97,?,?,00000000,?,?,?,00FE2A32), ref: 00FDA6AE
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free_malloc$ErrorFeatureFreeHeapLastNamePresentProcessor___un__lock_strlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3704956918-0
APIs
• __init_pointers.LIBCMT ref: 00FE29FA
  • Part of subcall function 00FDA3DF: EncodePointer.KERNEL32(00000000,?,00FE29FF,00FDEF28,01013DE8,00000014), ref: 00FDA3E2
  • Part of subcall function 00FDA3DF: __initp_misc_winsig.LIBCMT ref: 00FDA3FD
  • Part of subcall function 00FDA3DF: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00FE09A3
  • Part of subcall function 00FDA3DF: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00FE09B7
  • Part of subcall function 00FDA3DF: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00FE09CA
  • Part of subcall function 00FDA3DF: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00FE09DD
  • Part of subcall function 00FDA3DF: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00FE09F0
  • Part of subcall function 00FDA3DF: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00FE0A03
  • Part of subcall function 00FDA3DF: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00FE0A16
  • Part of subcall function 00FDA3DF: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00FE0A29
  • Part of subcall function 00FDA3DF: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00FE0A3C
  • Part of subcall function 00FDA3DF: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00FE0A4F
  • Part of subcall function 00FDA3DF: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00FE0A62
  • Part of subcall function 00FDA3DF: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00FE0A75
  • Part of subcall function 00FDA3DF: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00FE0A88
  • Part of subcall function 00FDA3DF: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00FE0A9B
  • Part of subcall function 00FDA3DF: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00FE0AAE
  • Part of subcall function 00FDA3DF: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00FE0AC1
• __mtinitlocks.LIBCMT ref: 00FE29FF
• __mtterm.LIBCMT ref: 00FE2A08
• __calloc_crt.LIBCMT ref: 00FE2A2D
• __initptd.LIBCMT ref: 00FE2A4F
• GetCurrentThreadId.KERNEL32 ref: 00FE2A56
Memory Dump Source
• Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
Similarity
• API ID: AddressProc$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
• String ID:
• API String ID: 1593083391-0
APIs
• CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00FC1F5C
• _memset.LIBCMT ref: 00FC221F
Memory Dump Source
• Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
Similarity
• API ID: CreateFile_memset
• String ID:
• API String ID: 3830271748-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
Similarity
• API ID: _rand$AddressProc
• String ID:
• API String ID: 345958962-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
Similarity
• API ID: _free_memset
• String ID: $
• API String ID: 287624719-227171996
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00FEF8FF
                                                                                                                                                                                                                  • Part of subcall function 00FE050D: __mtinitlocknum.LIBCMT ref: 00FE051F
                                                                                                                                                                                                                  • Part of subcall function 00FE050D: __amsg_exit.LIBCMT ref: 00FE052B
                                                                                                                                                                                                                  • Part of subcall function 00FE050D: EnterCriticalSection.KERNEL32(?,?,00FE2990,0000000D), ref: 00FE0538
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FEF925
                                                                                                                                                                                                                  • Part of subcall function 00FDA688: RtlFreeHeap.NTDLL(00000000,00000000,?,00FE2938,00000000,00FE0F5F,00FEE22D,00000000,?,00FDFC97,?,?,00000000), ref: 00FDA69C
                                                                                                                                                                                                                  • Part of subcall function 00FDA688: GetLastError.KERNEL32(00000000,?,00FE2938,00000000,00FE0F5F,00FEE22D,00000000,?,00FDFC97,?,?,00000000,?,?,?,00FE2A32), ref: 00FDA6AE
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00FEF93E
                                                                                                                                                                                                                • ___removelocaleref.LIBCMT ref: 00FEF94D
                                                                                                                                                                                                                • ___freetlocinfo.LIBCMT ref: 00FEF966
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FEF979
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __lock_free$CriticalEnterErrorFreeHeapLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,01017440,00000104), ref: 00FB9599
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FB966E
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00FB96A4
                                                                                                                                                                                                                • __vfwprintf_p.LIBCMT ref: 00FB975A
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000100), ref: 00FB9790
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CountFileModuleMutexNameReleaseTick__vfwprintf_p_memset
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00FCA00D
                                                                                                                                                                                                                • Process32First.KERNEL32(00000000,00000128), ref: 00FCA04D
                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,00000128), ref: 00FCA206
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00FCA218
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FCA261
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memset
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • std::ios_base::good.LIBCPMTD ref: 00FCA74F
                                                                                                                                                                                                                • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00FCA7A2
                                                                                                                                                                                                                • std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00FCA7B1
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00FB7A5E), ref: 00FCA7BE
                                                                                                                                                                                                                • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00FCA828
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Affinity::operator!=Concurrency::details::Hardware$DeleteFileMutex_baseMutex_base::~_std::_std::ios_base::good
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __getenv_helper_nolock.LIBCMT ref: 01003BB2
                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01003BC0
                                                                                                                                                                                                                  • Part of subcall function 00FE0F5A: __getptd_noexit.LIBCMT ref: 00FE0F5A
                                                                                                                                                                                                                • _strnlen.LIBCMT ref: 01003C4B
                                                                                                                                                                                                                • __lock.LIBCMT ref: 01003C5C
                                                                                                                                                                                                                • __getenv_helper_nolock.LIBCMT ref: 01003C67
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __getenv_helper_nolock$__getptd_noexit__lock_strlen_strnlen
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00FEE109
                                                                                                                                                                                                                  • Part of subcall function 00FDA6FD: __FF_MSGBANNER.LIBCMT ref: 00FDA714
                                                                                                                                                                                                                  • Part of subcall function 00FDA6FD: __NMSG_WRITE.LIBCMT ref: 00FDA71B
                                                                                                                                                                                                                  • Part of subcall function 00FDA6FD: RtlAllocateHeap.NTDLL(00BB0000,00000000,00000001,00000000,00000000,00000000,?,00FDFCE1,00000000,00000000,00000000,00000000,?,00FE05F7,00000018,01013E08), ref: 00FDA740
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FEE11C
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocateHeap_free_malloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1020059152-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 00FB9DBA
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00FB9DD5
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00FB9DE2
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00FB9DF0
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,000000FF), ref: 00FB9DFC
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseCreateHandle$EventObjectSingleThreadWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1404307249-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset$__snprintf
                                                                                                                                                                                                                • String ID: C:\Users\user
                                                                                                                                                                                                                • API String ID: 1922369481-2179397983
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00FD5F63
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00FD5FB4
                                                                                                                                                                                                                  • Part of subcall function 00FDA6FD: __FF_MSGBANNER.LIBCMT ref: 00FDA714
                                                                                                                                                                                                                  • Part of subcall function 00FDA6FD: __NMSG_WRITE.LIBCMT ref: 00FDA71B
                                                                                                                                                                                                                  • Part of subcall function 00FDA6FD: RtlAllocateHeap.NTDLL(00BB0000,00000000,00000001,00000000,00000000,00000000,?,00FDFCE1,00000000,00000000,00000000,00000000,?,00FE05F7,00000018,01013E08), ref: 00FDA740
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FD60D6
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FD60E4
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _malloc$AllocateHeap_free_memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3974598690-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AdjustPointer_memmove
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1721217611-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00FF2B2A
                                                                                                                                                                                                                • __isleadbyte_l.LIBCMT ref: 00FF2B58
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000004,00000002,00000000,00000000), ref: 00FF2B86
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000004,00000001,00000000,00000000), ref: 00FF2BBC
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3058430110-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00FB3DB2
                                                                                                                                                                                                                  • Part of subcall function 00FDA6FD: __FF_MSGBANNER.LIBCMT ref: 00FDA714
                                                                                                                                                                                                                  • Part of subcall function 00FDA6FD: __NMSG_WRITE.LIBCMT ref: 00FDA71B
                                                                                                                                                                                                                  • Part of subcall function 00FDA6FD: RtlAllocateHeap.NTDLL(00BB0000,00000000,00000001,00000000,00000000,00000000,?,00FDFCE1,00000000,00000000,00000000,00000000,?,00FE05F7,00000018,01013E08), ref: 00FDA740
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FB3DDA
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FB3E25
                                                                                                                                                                                                                • _free.LIBCMT ref: 00FB3E34
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset$AllocateHeap_free_malloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 585861054-0
                                                                                                                                                                                                                • Opcode ID: 08c058015e7275539fc6b2bd0a67ceb209c4afa5a805f824461c2a015f822414
                                                                                                                                                                                                                • Instruction ID: 3514bd56419f828941550f51c8d45a78549374f59f5815e5d2124c35c55b7ced
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 08c058015e7275539fc6b2bd0a67ceb209c4afa5a805f824461c2a015f822414
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A8318AB9900608EFC711CF24D881A9AB766AF89340F14C349F8495F345D73AEA85DB80
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00FE28C0: __getptd_noexit.LIBCMT ref: 00FE28C1
                                                                                                                                                                                                                  • Part of subcall function 00FE28C0: __amsg_exit.LIBCMT ref: 00FE28CE
                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 00FEF9B6
                                                                                                                                                                                                                  • Part of subcall function 00FDFC83: __calloc_impl.LIBCMT ref: 00FDFC92
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00FEF9EC
                                                                                                                                                                                                                • ___addlocaleref.LIBCMT ref: 00FEF9F8
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00FEFA0C
                                                                                                                                                                                                                  • Part of subcall function 00FE0F5A: __getptd_noexit.LIBCMT ref: 00FE0F5A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __getptd_noexit__lock$___addlocaleref__amsg_exit__calloc_crt__calloc_impl
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2580527540-0
                                                                                                                                                                                                                • Opcode ID: 0f517400f434fefc3feed2f59bca2da20268d79911f59e45e43119a470dcd01e
                                                                                                                                                                                                                • Instruction ID: 15f43671cb22326a9d91663ffca83d6984b2fbf62a749f8ecd40a0e788f286b6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f517400f434fefc3feed2f59bca2da20268d79911f59e45e43119a470dcd01e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F01B9315013819BD720BFB69C03F5D77E19F41720F20415AF4999B2D2CE7C4A85BBA1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3016257755-0
                                                                                                                                                                                                                • Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                                                                                                • Instruction ID: 8f8e10958419399f40c41451e010b0b0e7d1fa157c85eca3f2f0a7d36c385075
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3701497244018AFFCF125E86DC068EE3F66BB19354B598515FA2898131D336C9B2BB82
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ___BuildCatchObject.LIBCMT ref: 00FECBCB
                                                                                                                                                                                                                  • Part of subcall function 00FED2C0: ___AdjustPointer.LIBCMT ref: 00FED309
                                                                                                                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 00FECBE2
                                                                                                                                                                                                                • ___FrameUnwindToState.LIBCMT ref: 00FECBF4
                                                                                                                                                                                                                • CallCatchBlock.LIBCMT ref: 00FECC18
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2633735394-0
                                                                                                                                                                                                                • Opcode ID: 2d8c29e931c82cb4b179de0235233341f27f52423f207cbaa2e250d67f1f5fc6
                                                                                                                                                                                                                • Instruction ID: fa4dd5ed611bc57cd542c783438b2bd42dd7b008303e50944b483111429ee886
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2d8c29e931c82cb4b179de0235233341f27f52423f207cbaa2e250d67f1f5fc6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB014C32400149BBCF126F6ACC01EDA3FBAFF88754F144015FD1866221D336E862EBA1
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CountSystemTickTime_malloc
                                                                                                                                                                                                                • String ID: Z
                                                                                                                                                                                                                • API String ID: 3770554779-1505515367
                                                                                                                                                                                                                • Opcode ID: 62caf45af4004c76b5aa6fef9772e8c2ebf62323d9c5f766ee80ad951c5042d7
                                                                                                                                                                                                                • Instruction ID: 1ed638a51ed4d7047c40b2301ec0205d65e69d3dd9dee13f995c4b6364e26525
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 62caf45af4004c76b5aa6fef9772e8c2ebf62323d9c5f766ee80ad951c5042d7
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A12AF71C00A089FC722DFB5EC51AADB775BF8A340F14821AE44A7B245EB7E1A85DF50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • Sleep.KERNEL32(000008AE), ref: 00FB7A4D
                                                                                                                                                                                                                  • Part of subcall function 00FD8900: _malloc.LIBCMT ref: 00FD897B
                                                                                                                                                                                                                  • Part of subcall function 00FC5BB0: _memset.LIBCMT ref: 00FC5C01
                                                                                                                                                                                                                  • Part of subcall function 00FC5BB0: _free.LIBCMT ref: 00FC5C43
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00FB79B3
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset$Sleep_free_malloc
                                                                                                                                                                                                                • String ID: Z
                                                                                                                                                                                                                • API String ID: 3151160524-1505515367
                                                                                                                                                                                                                • Opcode ID: b24d31c2375c7173ac55f55a41a506d694318bfbdb941cbb2d66eae1744f21da
                                                                                                                                                                                                                • Instruction ID: d66b9ccb95d534268bc9ddf84f06cd189129965a2745b74487628413c091f02e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b24d31c2375c7173ac55f55a41a506d694318bfbdb941cbb2d66eae1744f21da
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3BC1AF76C00608DFCB16DFA5EC81AEDB375BF89300F04825AE549BB245EB796A84DF50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memcmp
                                                                                                                                                                                                                • String ID: #
                                                                                                                                                                                                                • API String ID: 2931989736-1885708031
                                                                                                                                                                                                                • Opcode ID: 234c355a9f05e6329691c226727b7bd96f9ae795f4fd5bdef55b51d644a41ded
                                                                                                                                                                                                                • Instruction ID: 9d8f13a9f6e914322c2bed4dfd592d312522caad1c32f419ecf0d070caa121a4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 234c355a9f05e6329691c226727b7bd96f9ae795f4fd5bdef55b51d644a41ded
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 72317C72C10A09CBC722DFB4E8116D9B7B6BFDB344F148315E5867E109E77E54829B40
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00FC181F
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00FC56E4), ref: 00FC1829
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000020), ref: 00FC1833
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00FC1843
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                                                                • Opcode ID: d8560ca7d35cf7697df7d1b3ccacbdb0db4d31c29cc1d1a8d1b43c20672ab160
                                                                                                                                                                                                                • Instruction ID: 3565758cdd11bac97b28feb793a2e19c63fe2104cc6c64b08e155377bfee9321
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8560ca7d35cf7697df7d1b3ccacbdb0db4d31c29cc1d1a8d1b43c20672ab160
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07F03075D02209DFCB20DFE1EA49BBE7775BB85311F404948E50156384CB7E5990DF91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00FC181F
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00FC56E4), ref: 00FC1829
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000020), ref: 00FC1833
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00FC1843
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1732740292.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732727175.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732776155.0000000001007000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001015000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732792726.0000000001019000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1732822467.000000000101A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_fb0000_25XrVZw56S.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                                                                • Opcode ID: 7ee0b48c6751455d996666ce36b8d9461584d874d7220b656a37770d17477d29
                                                                                                                                                                                                                • Instruction ID: 3565758cdd11bac97b28feb793a2e19c63fe2104cc6c64b08e155377bfee9321
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7ee0b48c6751455d996666ce36b8d9461584d874d7220b656a37770d17477d29
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07F03075D02209DFCB20DFE1EA49BBE7775BB85311F404948E50156384CB7E5990DF91

                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                Execution Coverage:11%
                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                Signature Coverage:4%
                                                                                                                                                                                                                Total number of Nodes:1392
                                                                                                                                                                                                                Total number of Limit Nodes:84
32060 ce5bb0 58 API calls 32059->32060 32061 cef0f8 GetProcAddress 32060->32061 32063 cf8900 58 API calls 32061->32063 32064 cef1ab 32063->32064 32065 ce5bb0 58 API calls 32064->32065 32066 cef1c2 GetProcAddress 32065->32066 32068 cf8900 58 API calls 32066->32068 32069 cef2f9 32068->32069 32070 ce5bb0 58 API calls 32069->32070 32071 cef310 GetProcAddress 32070->32071 32072 cf8900 58 API calls 32071->32072 32073 cef337 32072->32073 32074 ce5bb0 58 API calls 32073->32074 32075 cef34e GetProcAddress 32074->32075 32076 cf8900 58 API calls 32075->32076 32077 cef375 32076->32077 32078 ce5bb0 58 API calls 32077->32078 32079 cef38c GetProcAddress 32078->32079 32080 cf8900 58 API calls 32079->32080 32081 cef3b3 32080->32081 32082 ce5bb0 58 API calls 32081->32082 32083 cef3ca GetProcAddress 32082->32083 32084 cf8900 58 API calls 32083->32084 32085 cef3f1 32084->32085 32086 ce5bb0 58 API calls 32085->32086 32087 cef408 GetProcAddress 32086->32087 32088 cf8900 58 API calls 32087->32088 32089 cef456 32088->32089 32090 ce5bb0 58 API calls 32089->32090 32091 cef46d GetProcAddress 32090->32091 32092 cf8900 58 API calls 32091->32092 32093 cef495 32092->32093 32094 ce5bb0 58 API calls 32093->32094 32095 cef4ac GetProcAddress 32094->32095 32096 cf8900 58 API calls 32095->32096 32097 cef522 32096->32097 32098 ce5bb0 58 API calls 32097->32098 32099 cef56a GetProcAddress 32098->32099 32100 cf8900 58 API calls 32099->32100 32101 cef5b7 32100->32101 32102 ce5bb0 58 API calls 32101->32102 32103 cef65f GetProcAddress 32102->32103 32104 cf8900 58 API calls 32103->32104 32105 cef687 32104->32105 32106 ce5bb0 58 API calls 32105->32106 32107 cef69e GetProcAddress 32106->32107 32108 cf8900 58 API calls 32107->32108 32109 cef6c6 32108->32109 32110 ce5bb0 58 API calls 32109->32110 32111 cef6dd GetProcAddress 32110->32111 32113 cf8900 58 API calls 32111->32113 32114 cef7a8 32113->32114 32115 ce5bb0 58 API calls 32114->32115 32116 cef7bf GetProcAddress 32115->32116 32117 cf8900 58 API calls 
32116->32117 32118 cef82c 32117->32118 32119 ce5bb0 58 API calls 32118->32119 32120 cef843 GetProcAddress 32119->32120 32121 cef8da 32120->32121 32122 cf8900 58 API calls 32121->32122 32123 cef8fe 32122->32123 32124 ce5bb0 58 API calls 32123->32124 32125 cef96b GetProcAddress 32124->32125 32127 cf8900 58 API calls 32125->32127 32128 cefa14 32127->32128 32129 ce5bb0 58 API calls 32128->32129 32130 cefa2b GetProcAddress 32129->32130 32131 cf8900 58 API calls 32130->32131 32132 cefa53 32131->32132 32133 ce5bb0 58 API calls 32132->32133 32134 cefa6a GetProcAddress 32133->32134 32135 cf8900 58 API calls 32134->32135 32136 cefab1 32135->32136 32137 ce5bb0 58 API calls 32136->32137 32138 cefac8 GetProcAddress 32137->32138 32139 cf8900 58 API calls 32138->32139 32140 cefaef 32139->32140 32141 ce5bb0 58 API calls 32140->32141 32142 cefb06 GetProcAddress 32141->32142 32143 cf8900 58 API calls 32142->32143 32144 cefbc0 32143->32144 32145 ce5bb0 58 API calls 32144->32145 32146 cefbd7 GetProcAddress 32145->32146 32147 cf8900 58 API calls 32146->32147 32148 cefbff 32147->32148 32149 ce5bb0 58 API calls 32148->32149 32150 cefc16 GetProcAddress 32149->32150 32151 cf8900 58 API calls 32150->32151 32152 cefc3e 32151->32152 32153 ce5bb0 58 API calls 32152->32153 32154 cefc6d GetProcAddress 32153->32154 32155 cf8900 58 API calls 32154->32155 32156 cefcbe 32155->32156 32157 ce5bb0 58 API calls 32156->32157 32158 cefcd5 GetProcAddress 32157->32158 32159 cf8900 58 API calls 32158->32159 32160 cefcfc 32159->32160 32161 ce5bb0 58 API calls 32160->32161 32162 cefd43 GetProcAddress 32161->32162 32163 cf8900 58 API calls 32162->32163 32164 cefd6a 32163->32164 32165 ce5bb0 58 API calls 32164->32165 32166 cefd81 GetProcAddress 32165->32166 32167 cf8900 58 API calls 32166->32167 32168 cefda8 32167->32168 32169 ce5bb0 58 API calls 32168->32169 32170 cefdbf GetProcAddress 32169->32170 32171 cf8900 58 API calls 32170->32171 32172 cefe12 32171->32172 32173 ce5bb0 58 API calls 32172->32173 32174 
cefe39 GetProcAddress 32173->32174 32175 cf8900 58 API calls 32174->32175 32176 cefe61 32175->32176 32177 ce5bb0 58 API calls 32176->32177 32178 cefe78 GetProcAddress 32177->32178 32179 cf8900 58 API calls 32178->32179 32180 cefea0 32179->32180 32181 ce5bb0 58 API calls 32180->32181 32182 cefeb7 GetProcAddress 32181->32182 32183 cf8900 58 API calls 32182->32183 32184 ceff1d 32183->32184 32185 ce5bb0 58 API calls 32184->32185 32186 ceff34 GetProcAddress 32185->32186 32187 cf8900 58 API calls 32186->32187 32188 ceff87 32187->32188 32189 ce5bb0 58 API calls 32188->32189 32190 ceff9e GetProcAddress 32189->32190 32191 cf8900 58 API calls 32190->32191 32192 ceffec 32191->32192 32193 ce5bb0 58 API calls 32192->32193 32194 cf0003 GetProcAddress 32193->32194 32195 cf8900 58 API calls 32194->32195 32196 cf002a 32195->32196 32197 ce5bb0 58 API calls 32196->32197 32198 cf0041 GetProcAddress 32197->32198 32199 cf8900 58 API calls 32198->32199 32200 cf0068 32199->32200 32201 ce5bb0 58 API calls 32200->32201 32202 cf00a9 GetProcAddress 32201->32202 32203 cf8900 58 API calls 32202->32203 32204 cf00d0 32203->32204 32205 ce5bb0 58 API calls 32204->32205 32206 cf00e7 GetProcAddress 32205->32206 32207 cf8900 58 API calls 32206->32207 32208 cf010e 32207->32208 32209 ce5bb0 58 API calls 32208->32209 32210 cf0125 GetProcAddress 32209->32210 32212 cf8900 58 API calls 32210->32212 32213 cf0262 32212->32213 32214 ce5bb0 58 API calls 32213->32214 32215 cf0279 GetProcAddress 32214->32215 32216 cf8900 58 API calls 32215->32216 32217 cf02ad 32216->32217 32218 ce5bb0 58 API calls 32217->32218 32219 cf02c4 GetProcAddress 32218->32219 32220 cf8900 58 API calls 32219->32220 32221 cf02ec 32220->32221 32222 ce5bb0 58 API calls 32221->32222 32223 cf0303 GetProcAddress 32222->32223 32224 cf8900 58 API calls 32223->32224 32225 cf032b 32224->32225 32226 ce5bb0 58 API calls 32225->32226 32227 cf0342 GetProcAddress 32226->32227 32228 cf8900 58 API calls 32227->32228 32229 cf036a 32228->32229 32230 ce5bb0 
58 API calls 32229->32230 32231 cf0381 GetProcAddress 32230->32231 32232 cf8900 58 API calls 32231->32232 32233 cf03d3 32232->32233 32234 ce5bb0 58 API calls 32233->32234 32235 cf040c GetProcAddress 32234->32235 32236 cf044d 32235->32236 32237 cf8900 58 API calls 32236->32237 32238 cf04b8 32237->32238 32239 ce5bb0 58 API calls 32238->32239 32240 cf04cf GetProcAddress 32239->32240 32241 cf8900 58 API calls 32240->32241 32242 cf04f7 32241->32242 32243 ce5bb0 58 API calls 32242->32243 32244 cf050e GetProcAddress 32243->32244 32245 cf0581 32244->32245 32246 cf8900 58 API calls 32245->32246 32247 cf05bd 32246->32247 32248 ce5bb0 58 API calls 32247->32248 32249 cf0619 GetProcAddress 32248->32249 32250 cf8900 58 API calls 32249->32250 32251 cf0671 32250->32251 32252 ce5bb0 58 API calls 32251->32252 32253 cf0688 GetProcAddress 32252->32253 32254 cf8900 58 API calls 32253->32254 32255 cf06b0 32254->32255 32256 ce5bb0 58 API calls 32255->32256 32257 cf077f GetProcAddress 32256->32257 32258 cf8900 58 API calls 32257->32258 32259 cf07a7 32258->32259 32260 ce5bb0 58 API calls 32259->32260 32261 cf07be GetProcAddress 32260->32261 32262 cf8900 58 API calls 32261->32262 32263 cf07f0 32262->32263 32264 ce5bb0 58 API calls 32263->32264 32265 cf0827 GetProcAddress 32264->32265 32266 cf8900 58 API calls 32265->32266 32267 cf084f 32266->32267 32268 ce5bb0 58 API calls 32267->32268 32269 cf0866 GetProcAddress 32268->32269 32270 cf8900 58 API calls 32269->32270 32271 cf088e 32270->32271 32272 ce5bb0 58 API calls 32271->32272 32273 cf08d5 GetProcAddress 32272->32273 32274 cf8900 58 API calls 32273->32274 32275 cf08fd 32274->32275 32276 ce5bb0 58 API calls 32275->32276 32277 cf0914 GetProcAddress 32276->32277 32278 cf8900 58 API calls 32277->32278 32279 cf093c 32278->32279 32280 ce5bb0 58 API calls 32279->32280 32281 cf0953 GetProcAddress 32280->32281 32282 cf8900 58 API calls 32281->32282 32283 cf09ab 32282->32283 32284 ce5bb0 58 API calls 32283->32284 32285 cf09c2 GetProcAddress 
32284->32285 32286 cf0a10 32285->32286 32287 cf8900 58 API calls 32286->32287 32288 cf0ac1 32287->32288 32289 ce5bb0 58 API calls 32288->32289 32290 cf0ad8 GetProcAddress 32289->32290 32291 cf0b4a 32290->32291 32292 cf8900 58 API calls 32291->32292 32293 cf0b83 32292->32293 32294 ce5bb0 58 API calls 32293->32294 32295 cf0b9a GetProcAddress 32294->32295 32296 cf8900 58 API calls 32295->32296 32297 cf0beb 32296->32297 32298 ce5bb0 58 API calls 32297->32298 32299 cf0c41 GetProcAddress 32298->32299 32300 cf8900 58 API calls 32299->32300 32301 cf0cb1 32300->32301 32302 ce5bb0 58 API calls 32301->32302 32303 cf0cc8 GetProcAddress 32302->32303 32304 cf8900 58 API calls 32303->32304 32305 cf0d03 32304->32305 32306 ce5bb0 58 API calls 32305->32306 32307 cf0d1a GetProcAddress 32306->32307 32308 cf8900 58 API calls 32307->32308 32309 cf0d42 32308->32309 32310 ce5bb0 58 API calls 32309->32310 32311 cf0d59 GetProcAddress 32310->32311 32312 cf8900 58 API calls 32311->32312 32313 cf0dbd 32312->32313 32314 ce5bb0 58 API calls 32313->32314 32315 cf0dd4 GetProcAddress 32314->32315 32316 cf0e55 32315->32316 32317 cf8900 58 API calls 32316->32317 32318 cf0e6d 32317->32318 32319 ce5bb0 58 API calls 32318->32319 32320 cf0e84 GetProcAddress 32319->32320 32321 cf8900 58 API calls 32320->32321 32322 cf0ebd 32321->32322 32323 ce5bb0 58 API calls 32322->32323 32324 cf0eec LoadLibraryA 32323->32324 32325 ce5bb0 58 API calls 32324->32325 32326 cf0f0f 32325->32326 32327 cf0fcb 32326->32327 32328 cf0f76 32326->32328 32330 cf8900 58 API calls 32327->32330 32329 cf8900 58 API calls 32328->32329 32331 cf0f82 LoadLibraryA 32329->32331 32332 cf0fd7 GetProcAddress 32330->32332 32333 ce5bb0 58 API calls 32331->32333 32334 cf8900 58 API calls 32332->32334 32335 cf0fab 32333->32335 32336 cf1005 32334->32336 32335->32327 32337 ce5bb0 58 API calls 32336->32337 32338 cf101c GetProcAddress 32337->32338 32339 cf8900 58 API calls 32338->32339 32340 cf1058 32339->32340 32341 ce5bb0 58 API calls 32340->32341 
32342 cf108d GetProcAddress 32341->32342 32343 cf8900 58 API calls 32342->32343 32344 cf10f9 32343->32344 32345 ce5bb0 58 API calls 32344->32345 32346 cf1120 GetProcAddress 32345->32346 32347 cf8900 58 API calls 32346->32347 32348 cf1148 32347->32348 32349 ce5bb0 58 API calls 32348->32349 32350 cf115f GetProcAddress 32349->32350 32351 cf8900 58 API calls 32350->32351 32352 cf11a1 32351->32352 32353 ce5bb0 58 API calls 32352->32353 32354 cf11b8 GetProcAddress 32353->32354 32355 cf8900 58 API calls 32354->32355 32356 cf11e0 32355->32356 32357 ce5bb0 58 API calls 32356->32357 32358 cf11f7 GetProcAddress 32357->32358 32359 cf8900 58 API calls 32358->32359 32360 cf1246 32359->32360 32361 ce5bb0 58 API calls 32360->32361 32362 cf12a8 GetProcAddress 32361->32362 32363 cf8900 58 API calls 32362->32363 32364 cf12d0 32363->32364 32365 ce5bb0 58 API calls 32364->32365 32366 cf12e7 GetProcAddress 32365->32366 32367 cf8900 58 API calls 32366->32367 32368 cf130f 32367->32368 32369 ce5bb0 58 API calls 32368->32369 32370 cf1326 GetProcAddress 32369->32370 32372 cf8900 58 API calls 32370->32372 32373 cf1516 32372->32373 32374 ce5bb0 58 API calls 32373->32374 32375 cf152d GetProcAddress 32374->32375 32377 cf8900 58 API calls 32375->32377 32378 cf15f7 32377->32378 32379 ce5bb0 58 API calls 32378->32379 32380 cf1623 GetProcAddress 32379->32380 32381 cf8900 58 API calls 32380->32381 32382 cf164b 32381->32382 32383 ce5bb0 58 API calls 32382->32383 32384 cf1662 GetProcAddress 32383->32384 32385 cf8900 58 API calls 32384->32385 32386 cf168a 32385->32386 32387 ce5bb0 58 API calls 32386->32387 32388 cf16a1 GetProcAddress 32387->32388 32389 cf8900 58 API calls 32388->32389 32390 cf16c9 32389->32390 32391 ce5bb0 58 API calls 32390->32391 32392 cf1720 GetProcAddress 32391->32392 32393 cf8900 58 API calls 32392->32393 32394 cf1747 32393->32394 32395 ce5bb0 58 API calls 32394->32395 32396 cf175e GetProcAddress 32395->32396 32397 cf8900 58 API calls 32396->32397 32398 cf17bd 32397->32398 32399 
ce5bb0 58 API calls 32398->32399 32400 cf17d4 GetProcAddress 32399->32400 32401 cf8900 58 API calls 32400->32401 32402 cf17fc 32401->32402 32403 ce5bb0 58 API calls 32402->32403 32404 cf18af LoadLibraryA 32403->32404 32405 cf8900 58 API calls 32404->32405 32406 cf18d0 32405->32406 32407 ce5bb0 58 API calls 32406->32407 32408 cf18e7 GetProcAddress 32407->32408 32409 cf8900 58 API calls 32408->32409 32410 cf193d 32409->32410 32411 ce5bb0 58 API calls 32410->32411 32412 cf1954 GetProcAddress 32411->32412 32414 cf8900 58 API calls 32412->32414 32415 cf19a7 32414->32415 32416 ce5bb0 58 API calls 32415->32416 32417 cf19be GetProcAddress 32416->32417 32418 cf8900 58 API calls 32417->32418 32419 cf19fe 32418->32419 32420 ce5bb0 58 API calls 32419->32420 32421 cf1a15 GetProcAddress 32420->32421 32422 cf8900 58 API calls 32421->32422 32423 cf1a3d 32422->32423 32424 ce5bb0 58 API calls 32423->32424 32425 cf1a78 GetProcAddress 32424->32425 32426 cf8900 58 API calls 32425->32426 32427 cf1ab0 32426->32427 32428 ce5bb0 58 API calls 32427->32428 32429 cf1ac7 GetProcAddress 32428->32429 32430 cf8900 58 API calls 32429->32430 32431 cf1aef 32430->32431 32432 ce5bb0 58 API calls 32431->32432 32433 cf1b06 GetProcAddress 32432->32433 32434 cf8900 58 API calls 32433->32434 32435 cf1b52 32434->32435 32436 ce5bb0 58 API calls 32435->32436 32437 cf1b99 GetProcAddress 32436->32437 32438 cf1bd5 32437->32438 32439 cf8900 58 API calls 32438->32439 32440 cf1bf1 32439->32440 32441 ce5bb0 58 API calls 32440->32441 32442 cf1c08 GetProcAddress 32441->32442 32443 cf1c4a 32442->32443 32444 cf8900 58 API calls 32443->32444 32445 cf1ca2 32444->32445 32446 ce5bb0 58 API calls 32445->32446 32447 cf1cb9 GetProcAddress 32446->32447 32448 cf8900 58 API calls 32447->32448 32449 cf1d4d 32448->32449 32450 ce5bb0 58 API calls 32449->32450 32451 cf1d64 GetProcAddress 32450->32451 32452 cf8900 58 API calls 32451->32452 32453 cf1d8c 32452->32453 32454 ce5bb0 58 API calls 32453->32454 32455 cf1da3 GetProcAddress 
32454->32455 32456 cf8900 58 API calls 32455->32456 32457 cf1dcb 32456->32457 32458 ce5bb0 58 API calls 32457->32458 32459 cf1de2 GetProcAddress 32458->32459 32460 cf8900 58 API calls 32459->32460 32461 cf1e0a 32460->32461 32462 ce5bb0 58 API calls 32461->32462 32463 cf1e21 GetProcAddress 32462->32463 32464 cf8900 58 API calls 32463->32464 32465 cf1e49 32464->32465 32466 ce5bb0 58 API calls 32465->32466 32467 cf1e78 GetProcAddress 32466->32467 32468 cf8900 58 API calls 32467->32468 32469 cf1ea0 32468->32469 32470 ce5bb0 58 API calls 32469->32470 32471 cf1eb7 GetProcAddress 32470->32471 32472 cf8900 58 API calls 32471->32472 32473 cf1f68 32472->32473 32474 ce5bb0 58 API calls 32473->32474 32475 cf1f7f GetProcAddress 32474->32475 32476 cf8900 58 API calls 32475->32476 32477 cf1fbe 32476->32477 32478 ce5bb0 58 API calls 32477->32478 32479 cf200d GetProcAddress 32478->32479 32480 cf8900 58 API calls 32479->32480 32481 cf2034 32480->32481 32482 ce5bb0 58 API calls 32481->32482 32483 cf204b GetProcAddress 32482->32483 32484 cf8900 58 API calls 32483->32484 32485 cf20e0 32484->32485 32486 ce5bb0 58 API calls 32485->32486 32487 cf2107 GetProcAddress 32486->32487 32488 cf8900 58 API calls 32487->32488 32489 cf2139 32488->32489 32490 ce5bb0 58 API calls 32489->32490 32491 cf2164 GetProcAddress 32490->32491 32492 cf8900 58 API calls 32491->32492 32493 cf218c 32492->32493 32494 ce5bb0 58 API calls 32493->32494 32495 cf21a3 GetProcAddress 32494->32495 32496 cf8900 58 API calls 32495->32496 32497 cf21cb 32496->32497 32498 ce5bb0 58 API calls 32497->32498 32499 cf21e2 GetProcAddress 32498->32499 32500 cf8900 58 API calls 32499->32500 32501 cf220a 32500->32501 32502 ce5bb0 58 API calls 32501->32502 32503 cf2221 GetProcAddress 32502->32503 32504 cf8900 58 API calls 32503->32504 32505 cf2249 32504->32505 32506 ce5bb0 58 API calls 32505->32506 32507 cf2288 GetProcAddress 32506->32507 32508 ce5bb0 58 API calls 32507->32508 32509 cf22b2 32508->32509 32682 cd7de0 GetSystemTime 
32509->32682 32512 cf8900 58 API calls 32513 cf2324 GetEnvironmentVariableA 32512->32513 32514 ce5bb0 58 API calls 32513->32514 32515 cf2388 CreateMutexA CreateMutexA CreateMutexA 32514->32515 32688 cf94dd 32515->32688 32519 cf2609 32696 ceacd0 32519->32696 32521 cf23ec 32521->32519 32522 cf253a GetTickCount 32521->32522 32524 cf254f __itow 32522->32524 32523 cf263f GetCommandLineA 32525 cf2669 32523->32525 32526 cf8900 58 API calls 32524->32526 32525->32525 32527 cf8900 58 API calls 32525->32527 32529 cf255e 32526->32529 32528 cf26a6 32527->32528 32530 ce5bb0 58 API calls 32528->32530 32529->32529 32532 ce5bb0 58 API calls 32529->32532 32531 cf271f 32530->32531 32533 cf276c 32531->32533 32534 cf3039 GetCommandLineA 32531->32534 32532->32519 32535 cf8900 58 API calls 32533->32535 32537 cf307d 32534->32537 32536 cf2778 32535->32536 32538 ce5bb0 58 API calls 32536->32538 32540 cf30f0 GetModuleFileNameA 32537->32540 32539 cf27a8 32538->32539 32541 cf2802 32539->32541 32543 cfa5b0 58 API calls 32539->32543 32791 d25f2b 32540->32791 32544 cf8900 58 API calls 32541->32544 32543->32541 32545 cf285c 32544->32545 32547 ce5bb0 58 API calls 32545->32547 32546 cf3150 32546->32546 32549 d25f2b 63 API calls 32546->32549 32548 cf28c0 32547->32548 32550 cf28d0 32548->32550 32552 cfa5b0 58 API calls 32548->32552 32551 cf31e5 32549->32551 32554 cf8900 58 API calls 32550->32554 32553 d25f2b 63 API calls 32551->32553 32552->32550 32559 cf31f4 32553->32559 32561 cf2918 32554->32561 32555 cf35c7 32800 ce1a50 32555->32800 32557 cf35d3 32558 cf36cb 32557->32558 32807 cfa5b0 32557->32807 32810 ce8370 32558->32810 32559->32555 32907 cea370 94 API calls _memset 32559->32907 32561->32561 32564 cf297f 32561->32564 32563 cf36d0 32876 cf8e80 32563->32876 32565 ce5bb0 58 API calls 32564->32565 32649 cf29aa 32565->32649 32567 ce9ee0 67 API calls 32567->32649 32569 cf326e 32908 ce0e80 63 API calls _memset 32569->32908 32572 cf8e80 GetSystemTimeAsFileTime 32572->32649 32573 cf2a43 Sleep 32905 cfa7e0 
125 API calls 3 library calls 32573->32905 32574 cf3350 32576 cf34ae 32574->32576 32577 cf8900 58 API calls 32574->32577 32578 cfa5b0 58 API calls 32576->32578 32581 cf3369 LoadLibraryA 32577->32581 32582 cf34d4 32578->32582 32579 cf2fec Sleep 32579->32649 32580 cf3758 32580->32580 32585 cf38b1 WSAStartup 32580->32585 32583 cf8900 58 API calls 32581->32583 32582->32555 32584 cf3391 32583->32584 32586 ce5bb0 58 API calls 32584->32586 32588 cf3937 32585->32588 32598 cf39f6 32585->32598 32589 cf33a8 GetProcAddress 32586->32589 32587 cfa7e0 125 API calls __stat32i64 32587->32649 32591 cf8900 58 API calls 32588->32591 32590 ce5bb0 58 API calls 32589->32590 32592 cf33d3 32590->32592 32593 cf3943 32591->32593 32595 cf8900 58 API calls 32592->32595 32909 ced530 59 API calls 32593->32909 32619 cf33e5 32595->32619 32596 cf2c7e GetModuleFileNameA SetFileAttributesA 32601 cf2cd3 CopyFileA 32596->32601 32596->32649 32597 cf3a7d 32607 cf3a9a CloseHandle SetFileAttributesA CopyFileA 32597->32607 32627 cf3b7d 32597->32627 32598->32597 32879 ce4900 32598->32879 32600 cf3958 32605 ce5bb0 58 API calls 32600->32605 32601->32649 32603 cf2c3c Sleep 32603->32649 32604 cf3a18 32608 cf3a1c 32604->32608 32609 cf3a23 32604->32609 32605->32598 32606 ce7e90 3 API calls 32606->32649 32610 cf3b75 32607->32610 32611 cf3ad7 SetFileAttributesA 32607->32611 32612 cfa5b0 58 API calls 32608->32612 32910 cec1f0 Sleep GetSystemTimeAsFileTime 32609->32910 32900 cd1da0 32610->32900 32617 cf3aef 32611->32617 32618 cf3afb 32611->32618 32612->32609 32614 cf3a28 32614->32597 32615 cf3bd9 SetFileAttributesA CopyFileA SetFileAttributesA 32625 cf3c56 32615->32625 32616 cfa5b0 58 API calls 32616->32579 32887 ce8de0 OpenSCManagerA 32617->32887 32624 cf3b10 32618->32624 32629 cf3b1f Sleep 32618->32629 32623 ce5bb0 58 API calls 32619->32623 32628 cf34a4 32623->32628 32911 ce0510 61 API calls 32624->32911 32637 cf8900 58 API calls 32625->32637 32627->32615 32633 cf3bbb 32627->32633 32912 ce9ee0 67 API calls _memset 
32627->32912 32913 ce6e60 70 API calls _memset 32627->32913 32634 cfa5b0 58 API calls 32628->32634 32895 ce7e90 32629->32895 32631 ce5bb0 58 API calls 32631->32649 32632 cfa5b0 58 API calls 32638 cf3fa7 32632->32638 32633->32615 32634->32576 32635 cf3b1c 32635->32629 32644 cf3c65 32637->32644 32638->31744 32640 cf3bc9 Sleep 32640->32627 32641 cf8900 58 API calls 32641->32649 32642 cf2f25 SetFileAttributesA 32642->32649 32643 cf2f33 SetFileAttributesA 32643->32649 32644->32644 32645 cf8900 58 API calls 32644->32645 32646 cf3d16 32645->32646 32647 ce5bb0 58 API calls 32646->32647 32648 cf3d2d 32647->32648 32914 cfae47 76 API calls __fsopen 32648->32914 32649->32567 32649->32572 32649->32573 32649->32579 32649->32587 32649->32596 32649->32601 32649->32606 32649->32616 32649->32631 32649->32641 32649->32642 32649->32643 32906 ce6e60 70 API calls _memset 32649->32906 32651 cf3d88 32652 ce5bb0 58 API calls 32651->32652 32653 cf3d9f 32652->32653 32915 cd2240 106 API calls __fcloseall 32653->32915 32655 cf3dc5 32656 cf8900 58 API calls 32655->32656 32657 cf3de6 32656->32657 32658 cf8900 58 API calls 32657->32658 32659 cf3dfb 32658->32659 32916 cfb368 32659->32916 32662 ce5bb0 58 API calls 32663 cf3ec0 32662->32663 32664 ce5bb0 58 API calls 32663->32664 32665 cf3ed1 32664->32665 32666 ce7e90 3 API calls 32665->32666 32667 cf3ee3 _memset 32666->32667 32668 cf3f0f CreateThread 32667->32668 32669 cf3f5e Sleep 32668->32669 32670 cf3f59 32668->32670 32669->32669 32931 ced5e0 StartServiceCtrlDispatcherA 32670->32931 32672->32020 32673->32025 32675 cf8914 32674->32675 32676 cfa6fd _malloc 58 API calls 32675->32676 32677 cf8980 __expandlocale 32676->32677 32677->32033 32679 ce5c06 _memset 32678->32679 32680 cfa688 _free 58 API calls 32679->32680 32681 ce5c48 GetProcAddress 32680->32681 32681->32054 32683 cd7e72 32682->32683 32684 cf8e80 GetSystemTimeAsFileTime 32683->32684 32685 cd7e9b GetTickCount 32684->32685 32932 cfa678 32685->32932 32690 cf94e5 32688->32690 32689 cfa6fd 
_malloc 58 API calls 32689->32690 32690->32689 32691 cf23cf 32690->32691 32693 cf9503 std::exception::exception 32690->32693 32935 cffc1f DecodePointer 32690->32935 32691->32521 32904 ce7540 59 API calls 32691->32904 32936 cff37c RaiseException 32693->32936 32695 cf952d 32937 cdd580 32696->32937 32698 ceacf5 GetVersionExA 32939 cda200 32698->32939 32703 ceaec2 32705 cf8900 58 API calls 32703->32705 32706 ceaee3 32705->32706 32959 cede40 32706->32959 32709 cead75 32709->32709 32711 ceadf8 CreateDirectoryA 32709->32711 32710 ce5bb0 58 API calls 32715 ceaf0c 32710->32715 32712 cf8900 58 API calls 32711->32712 32713 ceae30 32712->32713 32713->32713 32714 ce5bb0 58 API calls 32713->32714 32714->32703 32963 ce4360 32715->32963 32718 ceb0de 32719 cde620 59 API calls 32718->32719 32723 ceb127 32719->32723 32720 ceb072 DeleteFileA 32721 ceb0a0 32720->32721 32722 ceb0d1 RemoveDirectoryA 32720->32722 32721->32722 32722->32718 32723->32723 32724 ceb1da CreateDirectoryA 32723->32724 32725 ceb21f 32724->32725 32726 ceb266 CreateDirectoryA 32725->32726 32727 cf8900 58 API calls 32726->32727 32728 ceb287 32727->32728 32728->32728 32729 cf8900 58 API calls 32728->32729 32730 ceb317 32729->32730 32731 ce5bb0 58 API calls 32730->32731 32732 ceb34d 32731->32732 32733 cede40 59 API calls 32732->32733 32734 ceb469 32733->32734 32735 ce5bb0 58 API calls 32734->32735 32736 ceb477 32735->32736 32737 ce4360 5 API calls 32736->32737 32738 ceb4d5 32737->32738 32739 cebbba 32738->32739 32740 ceb4e9 32738->32740 32741 ceb531 32738->32741 32743 cebbc6 SetFileAttributesA 32739->32743 32744 cf8900 58 API calls 32740->32744 32742 cf8900 58 API calls 32741->32742 32745 ceb53d 32742->32745 32746 cebc35 _memset codecvt 32743->32746 32747 ceb4f5 32744->32747 32748 cfb368 __snprintf 83 API calls 32745->32748 32746->32523 32749 cfb368 __snprintf 83 API calls 32747->32749 32750 ceb563 32748->32750 32751 ceb51b 32749->32751 32752 ce5bb0 58 API calls 32750->32752 32753 ce5bb0 58 API calls 32751->32753 32754 
ceb52c CreateDirectoryA 32752->32754 32753->32754 32756 ceb643 32754->32756 32756->32756 32757 ceb683 CreateDirectoryA 32756->32757 32758 cf8900 58 API calls 32757->32758 32759 ceb6c8 32758->32759 32759->32759 32760 cf8900 58 API calls 32759->32760 32761 ceb758 32760->32761 32762 ce5bb0 58 API calls 32761->32762 32763 ceb76f 32762->32763 32764 cede40 59 API calls 32763->32764 32765 ceb784 32764->32765 32766 ce5bb0 58 API calls 32765->32766 32767 ceb792 32766->32767 32768 ce4360 5 API calls 32767->32768 32769 ceb7be 32768->32769 32769->32739 32770 ceb7c9 GetTempPathA 32769->32770 32771 ceb7f0 32770->32771 32772 ceb8ec CreateDirectoryA 32771->32772 32773 cf8900 58 API calls 32772->32773 32774 ceb90d 32773->32774 32774->32774 32775 cf8900 58 API calls 32774->32775 32776 ceb9b1 32775->32776 32777 ce5bb0 58 API calls 32776->32777 32778 ceb9c8 32777->32778 32779 cede40 59 API calls 32778->32779 32780 ceb9dd 32779->32780 32781 ce5bb0 58 API calls 32780->32781 32782 ceb9eb 32781->32782 32783 ce4360 5 API calls 32782->32783 32784 ceba17 32783->32784 32785 cebb1f 32784->32785 32786 ceba22 GetTempPathA 32784->32786 32785->32739 32787 ceba50 32786->32787 32787->32787 32788 cf8900 58 API calls 32787->32788 32789 ceba8d 32788->32789 32789->32789 32790 ce5bb0 58 API calls 32789->32790 32790->32785 32792 d25f72 32791->32792 32793 d25f37 32791->32793 32997 d25fb3 63 API calls 2 library calls 32792->32997 32798 d25f52 32793->32798 32995 d00f5a 58 API calls __getptd_noexit 32793->32995 32796 d25f43 32996 d00452 9 API calls __invalid_parameter_noinfo_noreturn 32796->32996 32798->32546 32799 d25f4e 32799->32546 32801 ce1a78 32800->32801 32802 cf8900 58 API calls 32801->32802 32803 ce1b15 32802->32803 32803->32803 32804 ce5bb0 58 API calls 32803->32804 32805 ce1b89 CreateFileA 32804->32805 32806 ce1bb6 _memset 32805->32806 32806->32557 32998 cfa481 32807->32998 32809 cfa5bf 32809->32558 32811 ce83b6 32810->32811 32812 cf94dd _Allocate 59 API calls 32811->32812 32814 ce83e8 32812->32814 
APIs
• _malloc.LIBCMT ref: 00CEECF9
• _memset.LIBCMT ref: 00CEED7D
• GetModuleHandleA.KERNEL32(?), ref: 00CEEF7A
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF009
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF0CA
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF194
  • Part of subcall function 00CF8900: _malloc.LIBCMT ref: 00CF897B
  • Part of subcall function 00CE5BB0: _memset.LIBCMT ref: 00CE5C01
  • Part of subcall function 00CE5BB0: _free.LIBCMT ref: 00CE5C43
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF2E2
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF320
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF35E
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF39C
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF3DA
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF418
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF47E
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF4F9
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF57A
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF670
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF6AF
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF77F
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF7FC
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF853
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEF9FD
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEFA3C
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEFA7B
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEFAD8
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEFB4E
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEFBE8
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEFC27
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEFCA7
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEFCE5
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEFD53
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEFD91
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEFDCF
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEFE4A
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEFE89
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEFEC8
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEFF70
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CEFFAE
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0013
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0051
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF00B9
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF00F7
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF024B
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF028A
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF02D5
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0314
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0353
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF03BC
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF041D
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF04E0
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF054B
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF065A
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0699
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0790
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF07D9
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0838
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0877
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF08E6
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0925
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0964
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF09D3
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0AE9
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0BD4
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0C52
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0CD9
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0D2B
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0D6A
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0E21
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CF0EA6
• LoadLibraryA.KERNELBASE(?), ref: 00CF0EF6
• LoadLibraryA.KERNEL32(?), ref: 00CF0F92
• GetProcAddress.KERNEL32(74D60000,?), ref: 00CF0FEE
• GetProcAddress.KERNEL32(74D60000,?), ref: 00CF102D
• GetProcAddress.KERNEL32(74D60000,?), ref: 00CF10E2
• GetProcAddress.KERNEL32(74D60000,?), ref: 00CF1131
• GetProcAddress.KERNEL32(74D60000,?), ref: 00CF118A
• GetProcAddress.KERNEL32(74D60000,?), ref: 00CF11C9
• GetProcAddress.KERNEL32(74D60000,?), ref: 00CF1208
• GetProcAddress.KERNEL32(74D60000,?), ref: 00CF12B9
• GetProcAddress.KERNEL32(74D60000,?), ref: 00CF12F8
• GetProcAddress.KERNEL32(74D60000,?), ref: 00CF14DB
• GetProcAddress.KERNEL32(74D60000,?), ref: 00CF15E0
• GetProcAddress.KERNEL32(74D60000,?), ref: 00CF1634
• GetProcAddress.KERNEL32(74D60000,?), ref: 00CF1673
• GetProcAddress.KERNEL32(74D60000,?), ref: 00CF16B2
• GetProcAddress.KERNEL32(74D60000,?), ref: 00CF1730
• GetProcAddress.KERNEL32(74D60000,?), ref: 00CF176E
• GetProcAddress.KERNEL32(74D60000,?), ref: 00CF17E5
• LoadLibraryA.KERNELBASE(?), ref: 00CF18B9
• GetProcAddress.KERNEL32(75A70000,?), ref: 00CF18F8
• GetProcAddress.KERNEL32(75A70000,?), ref: 00CF1990
• GetProcAddress.KERNEL32(75A70000,?), ref: 00CF19CF
• GetProcAddress.KERNEL32(75A70000,?), ref: 00CF1A26
• GetProcAddress.KERNEL32(75A70000,?), ref: 00CF1A89
• GetProcAddress.KERNEL32(75A70000,?), ref: 00CF1AD8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF1B3B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF1BAA
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF1C18
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF1D36
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF1D75
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF1DB4
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF1DF3
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF1E32
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF1E89
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF1EF0
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF1FA7
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF201D
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF205B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF2118
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF2175
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF21B4
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF21F3
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF2232
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CF2299
                                                                                                                                                                                                                  • Part of subcall function 00CD7DE0: GetSystemTime.KERNEL32(?,?,?,?,?,?,00CD74FC), ref: 00CD7E5C
                                                                                                                                                                                                                  • Part of subcall function 00CD7DE0: GetTickCount.KERNEL32 ref: 00CD7EEF
                                                                                                                                                                                                                • GetEnvironmentVariableA.KERNEL32(?,C:\Users\user,00000104), ref: 00CF233E
                                                                                                                                                                                                                • CreateMutexA.KERNELBASE(00000000,00000000,00000000), ref: 00CF2391
                                                                                                                                                                                                                • CreateMutexA.KERNELBASE(00000000,00000000,00000000), ref: 00CF23AC
                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 00CF23BD
                                                                                                                                                                                                                  • Part of subcall function 00CF94DD: _malloc.LIBCMT ref: 00CF94F5
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00CF2543
                                                                                                                                                                                                                • __itow.LIBCMT ref: 00CF254A
                                                                                                                                                                                                                  • Part of subcall function 00CEACD0: GetVersionExA.KERNEL32(00D36DB8), ref: 00CEAD42
                                                                                                                                                                                                                  • Part of subcall function 00CEACD0: CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 00CEAE1E
                                                                                                                                                                                                                • __stat32i64.LIBCMT ref: 00CF2A37
                                                                                                                                                                                                                  • Part of subcall function 00CFA7E0: ___copy_path_to_wide_string.LIBCMT ref: 00CFA7F5
                                                                                                                                                                                                                • Sleep.KERNEL32(00000D05), ref: 00CF2A7E
                                                                                                                                                                                                                • __stat32i64.LIBCMT ref: 00CF2A92
                                                                                                                                                                                                                  • Part of subcall function 00CFA7E0: __wstat64i32.LIBCMT ref: 00CFA80D
                                                                                                                                                                                                                  • Part of subcall function 00CFA7E0: _free.LIBCMT ref: 00CFA817
                                                                                                                                                                                                                • Sleep.KERNEL32(000007D0), ref: 00CF2C44
                                                                                                                                                                                                                • __stat32i64.LIBCMT ref: 00CF2C57
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000200), ref: 00CF2C8C
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(00000000,00000080), ref: 00CF2C9B
                                                                                                                                                                                                                • CopyFileA.KERNEL32(?,00000000,00000000), ref: 00CF2CE0
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(00000000,00000002), ref: 00CF2F2B
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(00000000,00000080), ref: 00CF2F3C
                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8), ref: 00CF302E
                                                                                                                                                                                                                • GetCommandLineA.KERNEL32 ref: 00CF3071
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000000,00000200), ref: 00CF313E
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 00CF3379
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?), ref: 00CF33B9
                                                                                                                                                                                                                • WSAStartup.WS2_32(00000202,?), ref: 00CF3912
                                                                                                                                                                                                                  • Part of subcall function 00CE1CE0: _strstr.LIBCMT ref: 00CE1CEB
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000114), ref: 00CF3AA1
                                                                                                                                                                                                                • SetFileAttributesA.KERNELBASE(?,00000080), ref: 00CF3AB3
                                                                                                                                                                                                                • CopyFileA.KERNEL32(00000000,?,00000000), ref: 00CF3AC9
                                                                                                                                                                                                                • SetFileAttributesA.KERNELBASE(?,00000002), ref: 00CF3AE0
                                                                                                                                                                                                                • Sleep.KERNELBASE(000003E8), ref: 00CF3B3C
                                                                                                                                                                                                                  • Part of subcall function 00CE4900: _memset.LIBCMT ref: 00CE4A25
                                                                                                                                                                                                                • Sleep.KERNEL32(000007D0), ref: 00CF3BD1
                                                                                                                                                                                                                  • Part of subcall function 00CFAE47: __fsopen.LIBCMT ref: 00CFAE52
                                                                                                                                                                                                                  • Part of subcall function 00CD2240: Sleep.KERNEL32(000003E8), ref: 00CD22FA
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(C:\bamqdjw\czmruiag.exe,00000080), ref: 00CF3BE3
                                                                                                                                                                                                                • CopyFileA.KERNEL32(00000000,C:\bamqdjw\czmruiag.exe,00000000), ref: 00CF3BF7
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(C:\bamqdjw\czmruiag.exe,00000002), ref: 00CF3C44
                                                                                                                                                                                                                  • Part of subcall function 00CE6E60: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00CE6EEE
                                                                                                                                                                                                                  • Part of subcall function 00CE6E60: Process32First.KERNEL32(00000000,00000128), ref: 00CE6F71
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 00CF3E23
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CF3EF4
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CF3F0A
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00007390,00000000,00000000,00000000), ref: 00CF3F21
                                                                                                                                                                                                                • Sleep.KERNEL32(0000C350), ref: 00CF3F63
                                                                                                                                                                                                                • GetCommandLineA.KERNEL32 ref: 00CF263F
                                                                                                                                                                                                                  • Part of subcall function 00CFA5B0: _doexit.LIBCMT ref: 00CFA5BA
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$File$AttributesSleep$Create$_memset$LibraryLoad$CopyModuleMutex__stat32i64_malloc$CommandCountHandleLineNameTick_free$CloseDirectoryEnvironmentFirstProcess32SnapshotStartupSystemThreadTimeToolhelp32VariableVersion___copy_path_to_wide_string__fsopen__itow__snprintf__wstat64i32_doexit_strstr
                                                                                                                                                                                                                • String ID: C:\Users\user$C:\bamqdjw\czmruiag.exe
                                                                                                                                                                                                                • API String ID: 3228906957-2192419724
                                                                                                                                                                                                                • Opcode ID: 6a2993e93b286f81341e390015ee4030833e58aa1c35423e73431e36d549415e
                                                                                                                                                                                                                • Instruction ID: 04d3c4eb20090a1f82767b281f45f88d8fe1e9d807c6a34506e32c6af2b5189b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a2993e93b286f81341e390015ee4030833e58aa1c35423e73431e36d549415e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BCA3BAB1900B089FC756CF74FC41BA9B7B4BF99341F008259E509E636AEBB15A81CF61

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 1045 cde7a0-cde830 call cf8900 1048 cde836-cde85c 1045->1048 1048->1048 1049 cde85e-cde879 call ce5bb0 GetProcessHeap 1048->1049 1052 cde87b-cde87d 1049->1052 1053 cde882-cde91c call cf8900 LoadLibraryA call ce5bb0 1049->1053 1054 cdf042-cdf045 1052->1054 1059 cde9bb-cde9f0 call cf8900 GetProcAddress call ce5bb0 1053->1059 1060 cde922-cde99e 1053->1060 1067 cdea03-cdea3a HeapAlloc 1059->1067 1068 cde9f2-cde9fe FreeLibrary 1059->1068 1061 cde9b4-cde9b6 1060->1061 1062 cde9a0-cde9ad 1060->1062 1061->1054 1062->1061 1069 cdea4d-cdea5f GetAdaptersInfo 1067->1069 1070 cdea3c-cdea48 FreeLibrary 1067->1070 1068->1054 1071 cdea65-cdea98 HeapFree HeapAlloc 1069->1071 1072 cdeb04-cdeb2e GetAdaptersInfo 1069->1072 1070->1054 1073 cdeaab-cdeaea 1071->1073 1074 cdea9a-cdeaa6 FreeLibrary 1071->1074 1075 cdefb8-cdefcb 1072->1075 1076 cdeb34-cdeb58 call cf8900 1072->1076 1073->1072 1077 cdeaec-cdeafc 1073->1077 1074->1054 1079 cdefdd-cdf03f FreeLibrary 1075->1079 1080 cdefcd-cdefd7 HeapFree 1075->1080 1082 cdeb5e-cdeb84 1076->1082 1077->1072 1079->1054 1080->1079 1082->1082 1083 cdeb86-cdebd2 1082->1083 1084 cdec15-cdec26 call ce5bb0 1083->1084 1085 cdebd4-cdec0e 1083->1085 1088 cdec29-cdec2d 1084->1088 1085->1084 1089 cdef98-cdefb2 1088->1089 1090 cdec33-cdec44 1088->1090 1089->1075 1091 cdec47-cdec54 1090->1091 1092 cdec84-cdec89 1091->1092 1093 cdec56-cdec5a 1091->1093 1096 cdec8c-cdec9c 1092->1096 1094 cdec5c-cdec6b 1093->1094 1095 cdec7b-cdec82 1093->1095 1094->1092 1097 cdec6d-cdec79 1094->1097 1095->1096 1098 cdef2f-cdef93 1096->1098 1099 cdeca2-cdecb4 1096->1099 1097->1091 1097->1095 1098->1088 1100 cdecb7-cdecc4 1099->1100 1101 cdecf4-cdecf9 1100->1101 1102 cdecc6-cdecca 1100->1102 1105 cdecfc-cded12 1101->1105 1103 cdeccc-cdecdb 1102->1103 1104 
cdeceb-cdecf2 1102->1104 1103->1101 1106 cdecdd-cdece9 1103->1106 1104->1105 1105->1098 1107 cded18-cded22 1105->1107 1106->1100 1106->1104 1108 cded24 1107->1108 1109 cded41-cded65 call cf8900 1107->1109 1108->1088 1112 cded6b-cded91 1109->1112 1112->1112 1113 cded93-cdeda1 call ce5bb0 1112->1113 1116 cdeda8-cdedb4 1113->1116 1117 cdee8c-cdef2d 1116->1117 1118 cdedba-cdee17 1116->1118 1117->1089 1119 cdee1e-cdee87 1118->1119 1120 cdee19-cdee1d 1118->1120 1119->1116 1120->1119
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00CF8900: _malloc.LIBCMT ref: 00CF897B
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 00CDE86C
                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?), ref: 00CDE8C8
                                                                                                                                                                                                                  • Part of subcall function 00CE5BB0: _memset.LIBCMT ref: 00CE5C01
                                                                                                                                                                                                                  • Part of subcall function 00CE5BB0: _free.LIBCMT ref: 00CE5C43
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00CDE9D5
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00CDE9F6
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,00000288), ref: 00CDEA2D
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00CDEA40
                                                                                                                                                                                                                • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 00CDEA55
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00CDEA7B
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,00000288), ref: 00CDEA8B
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00CDEA9E
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FreeHeapLibrary$Alloc$AdaptersAddressInfoLoadProcProcess_free_malloc_memset
                                                                                                                                                                                                                • String ID: o
                                                                                                                                                                                                                • API String ID: 1543936905-252678980

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenSCManagerA.SECHOST(00000000,00000000,00000002), ref: 00CE8E53
                                                                                                                                                                                                                • CreateServiceA.ADVAPI32(00000000,00A318C8,00A318C8,000F01FF,00000110,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00CE8E94
                                                                                                                                                                                                                • ChangeServiceConfig2A.ADVAPI32(00000000,00000001,?), ref: 00CE8F35
                                                                                                                                                                                                                • StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00CE8F6C
                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00CE8F76
                                                                                                                                                                                                                • OpenServiceA.ADVAPI32(00000000,00A318C8,00000010), ref: 00CE8FD5
                                                                                                                                                                                                                • StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00CE8FEC
                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00CE8FF6
                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00CE9000
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Service$CloseHandle$OpenStart$ChangeConfig2CreateManager
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3525021261-0

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CE6898
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CE68CD
                                                                                                                                                                                                                • CryptAcquireContextA.ADVAPI32(00D375B0,00000000,00000000,00000001,00000000), ref: 00CE692D
                                                                                                                                                                                                                • CryptGenRandom.ADVAPI32(00000000,00000004,00CD888B,?,?,?,?,?,?,?,?,?,?,?,?,00CD888B), ref: 00CE69A8
                                                                                                                                                                                                                • _rand.LIBCMT ref: 00CE69C9
                                                                                                                                                                                                                • _rand.LIBCMT ref: 00CE69D1
                                                                                                                                                                                                                • _rand.LIBCMT ref: 00CE6A2E
                                                                                                                                                                                                                • _rand.LIBCMT ref: 00CE6A36
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _rand$AddressCryptProc$AcquireContextRandom
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3501257216-0

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetVersionExA.KERNEL32(00D36DB8), ref: 00CEAD42
                                                                                                                                                                                                                  • Part of subcall function 00CDA200: AllocateAndInitializeSid.ADVAPI32(00000000,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00CDA311
                                                                                                                                                                                                                  • Part of subcall function 00CDA200: CheckTokenMembership.ADVAPI32(00000000,?,00000000), ref: 00CDA349
                                                                                                                                                                                                                  • Part of subcall function 00CD6CA0: GetProcAddress.KERNEL32(74DD0000,?), ref: 00CD6CE8
                                                                                                                                                                                                                  • Part of subcall function 00CD6CA0: GetCurrentProcess.KERNEL32(00000000), ref: 00CD6D82
                                                                                                                                                                                                                • CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 00CEAE1E
                                                                                                                                                                                                                • DeleteFileA.KERNELBASE(00000000,?,?,?,?,?,?), ref: 00CEB079
                                                                                                                                                                                                                • RemoveDirectoryA.KERNELBASE(00000000,?,?,?,?,?,?), ref: 00CEB0D8
                                                                                                                                                                                                                  • Part of subcall function 00CDE620: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00CDE679
                                                                                                                                                                                                                • CreateDirectoryA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?), ref: 00CEB200
                                                                                                                                                                                                                • CreateDirectoryA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,?), ref: 00CEB275
                                                                                                                                                                                                                  • Part of subcall function 00CE5BB0: _memset.LIBCMT ref: 00CE5C01
                                                                                                                                                                                                                  • Part of subcall function 00CE5BB0: _free.LIBCMT ref: 00CE5C43
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 00CEB516
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 00CEB55E
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00CEB624
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00CEB692
                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,00000000,?,?,?,?,?,?), ref: 00CEB7D5
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?), ref: 00CEB8FB
                                                                                                                                                                                                                  • Part of subcall function 00CF8900: _malloc.LIBCMT ref: 00CF897B
                                                                                                                                                                                                                  • Part of subcall function 00CE4360: CreateFileA.KERNELBASE(00000002,40000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 00CE4409
                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,00000000,?,?,?,?,?,?), ref: 00CEBA2E
                                                                                                                                                                                                                • SetFileAttributesA.KERNELBASE(00000000,00000002,?,?,?,?,?,?,?), ref: 00CEBBEE
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CEBCFC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Directory$Create$File$PathTemp__snprintf_memset$AddressAllocateAttributesCheckCurrentDeleteInitializeMembershipProcProcessRemoveTokenVersionWindows_free_malloc
                                                                                                                                                                                                                • String ID: C:\Users\user$\
                                                                                                                                                                                                                • API String ID: 3801090003-732849219
                                                                                                                                                                                                                • Opcode ID: 172d1f14d8897213d85a39167ea01bc2786010265ea1629f27eaebcc13fa762f
                                                                                                                                                                                                                • Instruction ID: 74fb2cdb26ff5f1fe388ddfc44c2692558a6d28742c29662b1769bf255c16bb0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 172d1f14d8897213d85a39167ea01bc2786010265ea1629f27eaebcc13fa762f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15A27975C00B588FCB15CFA8EC91BADBBB1BF49304F148299E50AA7355EB705A84CF60

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1121 cfeea4-cfeed6 call d0c365 call cffdf0 call d008f3 call d0c318 1131 cfeedc-cfeeeb 1121->1131 1132 cfeed8-cfeeda 1121->1132 1131->1132 1134 cfeeed-cfeef9 1131->1134 1133 cfef0f-cfef19 call d02a93 1132->1133 1139 cfef1b-cfef22 call cff044 1133->1139 1140 cfef23-cfef2a call d029fa 1133->1140 1134->1132 1135 cfeefb-cfef04 1134->1135 1135->1133 1137 cfef06-cfef0c 1135->1137 1137->1133 1139->1140 1145 cfef2c-cfef33 call cff044 1140->1145 1146 cfef34-cfef44 call d004cd call d0a5a6 1140->1146 1145->1146 1153 cfef4e-cfef6a GetCommandLineA call d0c401 call d0c008 1146->1153 1154 cfef46-cfef4d call cff044 1146->1154 1161 cfef6c-cfef73 call cfa2a1 1153->1161 1162 cfef74-cfef7b call d0c237 1153->1162 1154->1153 1161->1162 1167 cfef7d-cfef84 call cfa2a1 1162->1167 1168 cfef85-cfef8f call cfa2db 1162->1168 1167->1168 1173 cfef98-cfefa6 call d0c48e call ce2280 1168->1173 1174 cfef91-cfef97 call cfa2a1 1168->1174 1180 cfefab-cfefb2 1173->1180 1174->1173 1181 cfefba-cfeffd call cfa2cc call cffe35 1180->1181 1182 cfefb4-cfefb5 call cfa5b0 1180->1182 1182->1181
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __amsg_exit_fast_error_exit$___crt$CommandEnvironmentInfoInitializeLineModeShowStartupStringsWindow___security_init_cookie__cinit__ioinit__setargv__setenvp__wincmdln
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 722230336-0
                                                                                                                                                                                                                • Opcode ID: f33e24f5fce0d328b89405ff3d9267bc88f36df400a5dac1908dbad45bedd63a
                                                                                                                                                                                                                • Instruction ID: 07f5a1f2fd995623989cf9ed835f90158a73eff02f02fc3d5b302d9d54afbfad
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f33e24f5fce0d328b89405ff3d9267bc88f36df400a5dac1908dbad45bedd63a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9421D36164530D69EBF077F5994BB3D2154EF10711F20417AF70C9A1E2DEB4D941A273

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1237 ce1d00-ce1d85 call cfb610 1240 ce1e1a-ce1e72 1237->1240 1241 ce1d8b-ce1dd8 1237->1241 1243 ce1ecb-ce1eef 1240->1243 1244 ce1e74-ce1ec9 1240->1244 1241->1240 1242 ce1dda-ce1e12 1241->1242 1242->1240 1245 ce1ef7-ce1f69 call cd7f80 call cd1da0 CreateFileA 1243->1245 1244->1245 1250 ce1f7f-ce200d ReadFile call cf4a20 call ce0d00 call ce92d0 call cdcf10 1245->1250 1251 ce1f6b 1245->1251 1266 ce200f 1250->1266 1267 ce2019-ce2030 call cf57c0 1250->1267 1253 ce21e4-ce2229 call cd6df0 call cfecc0 1251->1253 1263 ce222d-ce2230 1253->1263 1268 ce21b5-ce21dc CloseHandle 1266->1268 1267->1250 1271 ce2036-ce208c CloseHandle 1267->1271 1268->1253 1272 ce208e-ce20cf 1271->1272 1273 ce20d4-ce20ef 1271->1273 1274 ce216e-ce2198 call cd6df0 call cfecc0 1272->1274 1273->1274 1275 ce20f1-ce2169 1273->1275 1274->1263 1274->1268 1275->1274
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00CE1F5C
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CE221F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFile_memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3830271748-0
                                                                                                                                                                                                                • Opcode ID: 0dc1cb4e85abdacc07489c752f9493ed21d9368df3c8bb9e163e531c85f39c72
                                                                                                                                                                                                                • Instruction ID: efaa409a68380cb9eff695b4b12f04925782412b32e117120a205d4555b878f1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0dc1cb4e85abdacc07489c752f9493ed21d9368df3c8bb9e163e531c85f39c72
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 29C18972810F489AC706CF7AFC81659B375FF99781B148706E502FA3A9EBB06185DF60

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1280 ce7e90-ce7f58 call cfecc0 CreateProcessA 1283 ce7f5a-ce7fa0 CloseHandle * 2 1280->1283 1284 ce7fa5-ce7fa8 1280->1284 1283->1284
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CE7EFC
                                                                                                                                                                                                                • CreateProcessA.KERNELBASE(?,00CD1B70,00000000,00000000,00000000,00000008,00000000,00000000,00000044,?), ref: 00CE7F50
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00CD1B70), ref: 00CE7F5E
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00CE7F68
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandle$CreateProcess_memset
                                                                                                                                                                                                                • String ID: D
                                                                                                                                                                                                                • API String ID: 3113380336-2746444292
                                                                                                                                                                                                                • Opcode ID: 79d2dc2aff009aa9e5d42d630fdaba1c4a3e4818ed4ecc94bdf68d36251a4569
                                                                                                                                                                                                                • Instruction ID: 752f0b032a898b006a94fb622ebec5850200cb901f3bab950a38b39090aa827d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 79d2dc2aff009aa9e5d42d630fdaba1c4a3e4818ed4ecc94bdf68d36251a4569
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0D3150B5910B08AFC701CFB8EC41B99B7B4BF89744F108715E50AFB3A4E7B0A5818B24

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1285 ce8370-ce83b4 1286 ce83ce-ce83f2 call cdbb10 call cdd580 call cf94dd 1285->1286 1287 ce83b6-ce83c6 1285->1287 1294 ce83f4-ce83ff call ce0c90 1286->1294 1295 ce8401 1286->1295 1287->1286 1296 ce8408-ce8450 1294->1296 1295->1296 1299 ce846e-ce8488 GetComputerNameA 1296->1299 1300 ce8452-ce8454 1296->1300 1302 ce84ea-ce8544 call cf8900 1299->1302 1303 ce848a-ce84ae call cf8900 1299->1303 1300->1299 1301 ce8456-ce8466 1300->1301 1301->1299 1308 ce854a-ce8570 1302->1308 1309 ce84b4-ce84da 1303->1309 1308->1308 1310 ce8572-ce8616 call ce5bb0 call cede40 call cdcd60 1308->1310 1309->1309 1311 ce84dc-ce84e7 call ce5bb0 1309->1311 1320 ce8628-ce8646 1310->1320 1321 ce8618-ce8620 1310->1321 1311->1302 1322 ce864c-ce8672 1320->1322 1321->1320 1322->1322 1323 ce8674-ce8692 1322->1323 1324 ce8695-ce86a5 1323->1324 1324->1324 1325 ce86a7-ce86c2 1324->1325 1326 ce86c5-ce86d6 1325->1326 1326->1326 1327 ce86d8-ce8746 1326->1327 1328 ce874c-ce8778 1327->1328 1329 ce8831-ce8865 call cfecc0 call cde7a0 1327->1329 1330 ce877a-ce87c4 1328->1330 1331 ce87c6-ce882b 1328->1331 1336 ce8868-ce8878 1329->1336 1330->1329 1331->1329 1336->1336 1337 ce887a-ce8969 call cdcfc0 call cdcd60 call cdcfc0 call cdcd60 1336->1337 1346 ce899f-ce89de 1337->1346 1347 ce896b-ce899d 1337->1347 1348 ce89e6-ce8ba3 call cdcfc0 call cdcd60 call cdcfc0 call cdcd60 call cdcfc0 call cdcd60 call cf8900 call cdcfc0 call ce5bb0 call cdcd60 call cdcfc0 call cdcd60 1346->1348 1347->1348 1373 ce8be4-ce8d60 call cdcfc0 call cdcd60 call cdc910 call cd99b0 call cdcfc0 call ce5770 call ce0d00 call ce0a50 call cd2510 call cd7f80 call cf3fd0 call cda460 call cf57c0 call ce5980 call cec870 call cfecc0 call ce0810 call ce7290 1348->1373 1374 ce8ba5-ce8bde 1348->1374 1374->1373
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetComputerNameA.KERNEL32(?,00000010), ref: 00CE8480
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CE883F
                                                                                                                                                                                                                  • Part of subcall function 00CDC910: _memset.LIBCMT ref: 00CDC96A
                                                                                                                                                                                                                  • Part of subcall function 00CE5770: _memset.LIBCMT ref: 00CE579A
                                                                                                                                                                                                                  • Part of subcall function 00CD2510: __snprintf.LIBCMT ref: 00CD266B
                                                                                                                                                                                                                  • Part of subcall function 00CD2510: __snprintf.LIBCMT ref: 00CD26AD
                                                                                                                                                                                                                  • Part of subcall function 00CE5980: Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00CE59E9
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CE8D40
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset$__snprintf$Affinity::operator!=ComputerConcurrency::details::HardwareName
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3175924889-0
                                                                                                                                                                                                                • Opcode ID: 50c5a9bdfb2330403ead91b2ca2a0cbc4c0a661dae491d53c31d780b561870d4
                                                                                                                                                                                                                • Instruction ID: 1c38c83a0667538005267fa88812e3e7d2ccf5792c79cc6479162981c5d0e204
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50c5a9bdfb2330403ead91b2ca2a0cbc4c0a661dae491d53c31d780b561870d4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 98426971C00B488EC716DFB8EC916ADBB75BF99340F10825AE40AB7365EB712586CF60

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 1411 ce4900-ce4a11 call cdd580 call ceaa00 1416 ce4aaf-ce4af1 1411->1416 1417 ce4a17-ce4a34 call cfecc0 1411->1417 1418 ce4af3-ce4b0a 1416->1418 1419 ce4b11-ce4b2c call cf8900 1416->1419 1423 ce4a98-ce4aaa call ce0810 1417->1423 1424 ce4a36-ce4a60 1417->1424 1418->1419 1428 ce4b2f-ce4b3f 1419->1428 1431 ce4c02-ce4c07 1423->1431 1424->1423 1426 ce4a62-ce4a90 1424->1426 1426->1423 1428->1428 1430 ce4b41-ce4b59 1428->1430 1432 ce4b5c-ce4b6d 1430->1432 1432->1432 1433 ce4b6f-ce4ba4 call ce5bb0 call ce1d00 1432->1433 1437 ce4ba9-ce4bae 1433->1437 1438 ce4bda-ce4bff call cfecc0 call ce0810 1437->1438 1439 ce4bb0-ce4bd8 call cfecc0 call ce0810 1437->1439 1438->1431 1439->1431
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2102423945-0
                                                                                                                                                                                                                • Opcode ID: 16704879869d13abcf7d6e32054633736b8f8a0d6484f42f43bc1284d3cf7f3f
                                                                                                                                                                                                                • Instruction ID: 080011c047a0518b29ff6c9eb4a87f457e1f884320d33f977bfe54841e7a0269
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 16704879869d13abcf7d6e32054633736b8f8a0d6484f42f43bc1284d3cf7f3f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0681BC71C00B488FCB0ADFBAF8416ADB771AF99344F148619E506B73A5E7706984CFA1

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 1448 cda200-cda28a 1449 cda28c-cda2b0 1448->1449 1450 cda2c2-cda31e AllocateAndInitializeSid 1448->1450 1449->1450 1451 cda2b2-cda2ba 1449->1451 1452 cda435-cda437 1450->1452 1453 cda324-cda351 CheckTokenMembership 1450->1453 1451->1450 1454 cda439-cda449 1452->1454 1455 cda451-cda457 1452->1455 1456 cda357-cda39b 1453->1456 1457 cda402-cda42f FreeSid 1453->1457 1454->1455 1458 cda39d-cda3e1 1456->1458 1459 cda3e3-cda3f3 1456->1459 1457->1452 1460 cda3fb 1458->1460 1459->1460 1460->1457
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(00000000,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00CDA311
                                                                                                                                                                                                                • CheckTokenMembership.ADVAPI32(00000000,?,00000000), ref: 00CDA349
                                                                                                                                                                                                                • FreeSid.ADVAPI32(?), ref: 00CDA42F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3429775523-0
                                                                                                                                                                                                                • Opcode ID: 7391f8c8c20868a594e29c597d9d39ee28197348b6fcac9e86722f9cba592b6a
                                                                                                                                                                                                                • Instruction ID: b5dfa96d275259446342d8143ce2615f7e36c3c5cbc8c0aa7751c537e997340b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7391f8c8c20868a594e29c597d9d39ee28197348b6fcac9e86722f9cba592b6a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D514671810F098EC306CF79FC5135AB774BF9A385F54830AD506FA369EBB191828B65

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 1461 ce4360-ce43df call cfb610 call cd1da0 1466 ce43f6-ce4416 CreateFileA 1461->1466 1467 ce43e1-ce43f1 call cd6df0 1461->1467 1469 ce442e-ce443e 1466->1469 1470 ce4418-ce4429 call cd6df0 1466->1470 1474 ce4566-ce4569 1467->1474 1473 ce4446-ce444d 1469->1473 1470->1474 1476 ce444f-ce4455 1473->1476 1477 ce4457 1473->1477 1478 ce445e-ce4543 call cfe670 call cf4a20 WriteFile 1476->1478 1477->1478 1478->1473 1483 ce4549-ce4559 CloseHandle call cd6df0 1478->1483 1485 ce455e-ce4561 1483->1485 1485->1474
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00CD1DA0: WaitForSingleObject.KERNEL32(00000108,00004E20,?,?,?,?,00CE686C,00000108), ref: 00CD1EBC
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00000002,40000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 00CE4409
                                                                                                                                                                                                                  • Part of subcall function 00CD6DF0: ReleaseMutex.KERNEL32(00CE6B5F,?,00CE6B5F,00000108), ref: 00CD6E07
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFileMutexObjectReleaseSingleWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1564016613-0
                                                                                                                                                                                                                • Opcode ID: 09d1f5917f400d4137c3a35e9d007e6c53175cc4ce02084d359c9fba997d25aa
                                                                                                                                                                                                                • Instruction ID: 068e76d2f9bf9c41d3ecc0769de3319519c20f99aad99bdf19b029552c7ae008
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 09d1f5917f400d4137c3a35e9d007e6c53175cc4ce02084d359c9fba997d25aa
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB518D75900B48EFC705CFA6FC81B5AB374AF88740F10C619E506A73A5E775AA84DFA0

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 1486 cf94dd-cf94e3 1487 cf94f2-cf94fd call cfa6fd 1486->1487 1490 cf94ff-cf9502 1487->1490 1491 cf94e5-cf94f0 call cffc1f 1487->1491 1491->1487 1494 cf9503-cf952d call cff1c4 call cff37c 1491->1494
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00CF94F5
                                                                                                                                                                                                                  • Part of subcall function 00CFA6FD: __FF_MSGBANNER.LIBCMT ref: 00CFA714
                                                                                                                                                                                                                  • Part of subcall function 00CFA6FD: __NMSG_WRITE.LIBCMT ref: 00CFA71B
                                                                                                                                                                                                                  • Part of subcall function 00CFA6FD: RtlAllocateHeap.NTDLL(00A20000,00000000,00000001,00000000,00000000,00000000,?,00CFFCE1,00000000,00000000,00000000,00000000,?,00D005F7,00000018,00D33E08), ref: 00CFA740
                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 00CF9513
                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 00CF9528
                                                                                                                                                                                                                  • Part of subcall function 00CFF37C: RaiseException.KERNEL32(?,?,?,00D33AD0,?,?,?,?,?,00CF952D,?,00D33AD0,00000000,00000001), ref: 00CFF3D1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3074076210-0
                                                                                                                                                                                                                • Opcode ID: cff0873c5e0c497d46665ddd4d5722adaffbade0fb46eb005700f08ffdcd4c41
                                                                                                                                                                                                                • Instruction ID: a3e9a560a4d767e19918599cbfe7490c694846fdf7fe580da47ae8837b411ec6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: cff0873c5e0c497d46665ddd4d5722adaffbade0fb46eb005700f08ffdcd4c41
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BFE0E57040021EAACF40FF64DC119FE7B6CEF10308F004026FA25A6191DF708B55A5A3

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1499 ce1a50-ce1a76 1500 ce1a8f-ce1a96 1499->1500 1501 ce1a78-ce1a8d 1499->1501 1502 ce1af3-ce1b24 call ceaa00 call cf8900 1500->1502 1503 ce1a98-ce1aeb 1500->1503 1501->1502 1508 ce1b27-ce1b37 1502->1508 1503->1502 1508->1508 1509 ce1b39-ce1b51 1508->1509 1510 ce1b54-ce1b65 1509->1510 1510->1510 1511 ce1b67-ce1bb4 call ce5bb0 CreateFileA 1510->1511 1514 ce1bbf 1511->1514 1515 ce1bb6-ce1bbd 1511->1515 1516 ce1bc6-ce1be4 call cfecc0 1514->1516 1515->1516
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000000,00000000), ref: 00CE1BA2
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CE1BD4
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFile_memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3830271748-0
                                                                                                                                                                                                                • Opcode ID: d0996011785909f7aff37bdcdb090ec47f0736a28c7729383dad6984cc6c337c
                                                                                                                                                                                                                • Instruction ID: 10048c6493f34f3e7cabdb45eef06a539f71f7c35f83566d74953324303c6d2f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d0996011785909f7aff37bdcdb090ec47f0736a28c7729383dad6984cc6c337c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1541D174D007489FCB15CFA5EC42BEEB7B1AF45310F048259E915B7391E7B42688CB61

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1519 d0e043-d0e051 1520 d0e053-d0e06d LCMapStringEx 1519->1520 1521 d0e06e-d0e08e call d0dec5 LCMapStringW 1519->1521
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LCMapStringEx.KERNELBASE(?,?,?,?,?,5EFC4D8B,00000000,00000000,00000000,?,00D0EAA4,?,?,00000000,?,00000000), ref: 00D0E06A
                                                                                                                                                                                                                • LCMapStringW.KERNEL32(00000000,?,?,?,?,5EFC4D8B,?,00D0EAA4,?,?,00000000,?,00000000,00000000), ref: 00D0E087
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: String
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2568140703-0
                                                                                                                                                                                                                • Opcode ID: a8d2925dc542290eb2477a875f8409bc0b5f9190e845bbc620e03a7e968a33cb
                                                                                                                                                                                                                • Instruction ID: 5451ac72ffa53e2e8329238bce5bced5056a0f94b7b31283a12e4ca9dc25df65
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a8d2925dc542290eb2477a875f8409bc0b5f9190e845bbc620e03a7e968a33cb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0DF01472010209BFDF065F94ED46DAA3B6AFB58350B048415FA1985160D772A972AB60

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1524 cfa17e-cfa18d call cfa14a ExitProcess
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ___crtCorExitProcess.LIBCMT ref: 00CFA184
                                                                                                                                                                                                                  • Part of subcall function 00CFA14A: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,00CFA189,00000000,?,00CFA72A,000000FF,0000001E,00000000,00000000,00000000,?,00CFFCE1), ref: 00CFA159
                                                                                                                                                                                                                  • Part of subcall function 00CFA14A: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 00CFA16B
                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00CFA18D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2427264223-0
                                                                                                                                                                                                                • Opcode ID: 49669b96f5a03a2fa495522d9b05fe8c29c6d6729954f349996019c10ad21e17
                                                                                                                                                                                                                • Instruction ID: a5fe5b9069037ea5a549c3dd1fcf2e6c2281646f34c5cb046c4cb290321b7dc8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 49669b96f5a03a2fa495522d9b05fe8c29c6d6729954f349996019c10ad21e17
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 38B0923000420CFFCB212F15DD0A85C7F29EB012A0B118020FA0948131DB72A992AAA2
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2102423945-0
                                                                                                                                                                                                                • Opcode ID: 71a82b9465efe88467356a1ebfe8692d7bc248a74da184a9ce126eebc39bc19f
                                                                                                                                                                                                                • Instruction ID: 8c9394fddd9eebbea2d6dffc029e18f088fc85e9000193898943b81a8f1ddeb3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 71a82b9465efe88467356a1ebfe8692d7bc248a74da184a9ce126eebc39bc19f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D2F2F675810F498EC30ACF7AFD9122AB375BF9A385754930AD406F6329EBB150C2DB64
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _doexit.LIBCMT ref: 00CFA5BA
                                                                                                                                                                                                                  • Part of subcall function 00CFA481: __lock.LIBCMT ref: 00CFA48F
                                                                                                                                                                                                                  • Part of subcall function 00CFA481: DecodePointer.KERNEL32(00D33D00,0000001C,00CFA36E,00000000,00000001,00000000,?,00CFA2BC,000000FF,?,00D00530,00000011,?,?,00D02990,0000000D), ref: 00CFA4CE
                                                                                                                                                                                                                  • Part of subcall function 00CFA481: DecodePointer.KERNEL32(?,00CFA2BC,000000FF,?,00D00530,00000011,?,?,00D02990,0000000D), ref: 00CFA4DF
                                                                                                                                                                                                                  • Part of subcall function 00CFA481: EncodePointer.KERNEL32(00000000,?,00CFA2BC,000000FF,?,00D00530,00000011,?,?,00D02990,0000000D), ref: 00CFA4F8
                                                                                                                                                                                                                  • Part of subcall function 00CFA481: DecodePointer.KERNEL32(-00000004,?,00CFA2BC,000000FF,?,00D00530,00000011,?,?,00D02990,0000000D), ref: 00CFA508
                                                                                                                                                                                                                  • Part of subcall function 00CFA481: EncodePointer.KERNEL32(00000000,?,00CFA2BC,000000FF,?,00D00530,00000011,?,?,00D02990,0000000D), ref: 00CFA50E
                                                                                                                                                                                                                  • Part of subcall function 00CFA481: DecodePointer.KERNEL32(?,00CFA2BC,000000FF,?,00D00530,00000011,?,?,00D02990,0000000D), ref: 00CFA524
                                                                                                                                                                                                                  • Part of subcall function 00CFA481: DecodePointer.KERNEL32(?,00CFA2BC,000000FF,?,00D00530,00000011,?,?,00D02990,0000000D), ref: 00CFA52F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
• Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Pointer$Decode$Encode$__lock_doexit
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2158581194-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ___crtGetLocaleInfoA.LIBCMT ref: 00CFFA20
                                                                                                                                                                                                                  • Part of subcall function 00D0DD22: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00D0DD2E
                                                                                                                                                                                                                  • Part of subcall function 00D0DD22: __crtGetLocaleInfoA_stat.LIBCMT ref: 00D0DD43
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00CFFA32
                                                                                                                                                                                                                • ___crtGetLocaleInfoA.LIBCMT ref: 00CFFA52
                                                                                                                                                                                                                • ___crtGetLocaleInfoA.LIBCMT ref: 00CFFA94
                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 00CFFA67
                                                                                                                                                                                                                  • Part of subcall function 00CFFC83: __calloc_impl.LIBCMT ref: 00CFFC92
                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 00CFFAA9
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CFFAC1
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CFFB01
                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 00CFFB2B
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CFFB51
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Locale$Info$___crt__calloc_crt_free$A_statErrorLastUpdateUpdate::___calloc_impl__crt
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1754018987-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenSCManagerA.ADVAPI32(00000000,00000000,80000000), ref: 00CEC644
                                                                                                                                                                                                                • EnumServicesStatusA.ADVAPI32(00000000,00000030,00000003,?,00000024,?,?,00000000), ref: 00CEC6C5
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00CEC6CE
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00CEC70F
                                                                                                                                                                                                                • EnumServicesStatusA.ADVAPI32(00000000,00000030,00000003,00000000,?,?,?,00000000), ref: 00CEC740
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 00CEC7A9
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CEC7EF
                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00CEC7FB
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: EnumServicesStatus$CloseErrorHandleLastManagerOpenService__snprintf_free_malloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3403677689-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _wcscmp.LIBCMT ref: 00D1EE8A
                                                                                                                                                                                                                • _wcscmp.LIBCMT ref: 00D1EE9B
                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,00D1F139,?,00000000), ref: 00D1EEB7
                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,00D1F139,?,00000000), ref: 00D1EEE1
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InfoLocale_wcscmp
                                                                                                                                                                                                                • String ID: ACP$OCP
                                                                                                                                                                                                                • API String ID: 1351282208-711371036
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00D12B2A
                                                                                                                                                                                                                • __isleadbyte_l.LIBCMT ref: 00D12B58
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(75A8FC30,00000009,00000004,00000002,00000000,00000000), ref: 00D12B86
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(75A8FC30,00000009,00000004,00000001,00000000,00000000), ref: 00D12BBC
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3058430110-0
                                                                                                                                                                                                                • Opcode ID: b9ed964c579d5e5bc85dbcf9cb377fe1abef25f768d194ec75561058bc79d90d
                                                                                                                                                                                                                • Instruction ID: 8082675731aefa616ef7a2d811bc2f48c655621e804245d57b7a1bff3c8b959a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9ed964c579d5e5bc85dbcf9cb377fe1abef25f768d194ec75561058bc79d90d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0D31A231608246BFDB218F64ED45BFA7BB5FF41310F194119E45487194EB32D8A1DBB0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreatePipe.KERNEL32(00000020,?,0000000C,00000000), ref: 00CE1666
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreatePipe
                                                                                                                                                                                                                • String ID: D
                                                                                                                                                                                                                • API String ID: 2719314638-2746444292
                                                                                                                                                                                                                • Opcode ID: 0f135df77a14d9f61c676c7ce0f71f7eb9489df97ffe20f9006b0fffe4cbfa60
                                                                                                                                                                                                                • Instruction ID: 83d680976fa26279d8e5e9b51bdab46fc1accf9203e50ebc688180c163c3a3b7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f135df77a14d9f61c676c7ce0f71f7eb9489df97ffe20f9006b0fffe4cbfa60
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 728128B5A00708EFCB14CFA5ED44BEEB7B5FB88700F108619E506A7394DB759A80CB64
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1503006713-0
                                                                                                                                                                                                                • Opcode ID: 277f0f806e5c133c7829a74d9e53ba0a2d5b195e297526135160e8975b46a4ad
                                                                                                                                                                                                                • Instruction ID: 82e09f8186c142a1d5a82ce540b0316402a06f684cdcaa4876fcbca4b4e4bc32
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 277f0f806e5c133c7829a74d9e53ba0a2d5b195e297526135160e8975b46a4ad
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 05212935204605AAE7317F64DC02F1A7BA8DF41790B34403DF58C964E1DB71980096B6
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • DecodePointer.KERNEL32 ref: 00CFA19C
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CFA1B5
                                                                                                                                                                                                                  • Part of subcall function 00CFA688: RtlFreeHeap.NTDLL(00000000,00000000,?,00D02938,00000000,00D00F5F,00D0E22D,00000000,?,00CFFC97,?,?,00000000), ref: 00CFA69C
                                                                                                                                                                                                                  • Part of subcall function 00CFA688: GetLastError.KERNEL32(00000000,?,00D02938,00000000,00D00F5F,00D0E22D,00000000,?,00CFFC97,?,?,00000000,?,?,?,00D02A32), ref: 00CFA6AE
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CFA1C8
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CFA1E6
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CFA1F8
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CFA209
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CFA214
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CFA238
                                                                                                                                                                                                                • EncodePointer.KERNEL32(00A32918), ref: 00CFA23F
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CFA254
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CFA26A
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CFA292
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3064303923-0
                                                                                                                                                                                                                • Opcode ID: 6e39c8841e8f6f8f7c374e0f2bd4ef5ba1124abd1bdc4e3a20f523b8f0965308
                                                                                                                                                                                                                • Instruction ID: 66a6755681ec29ece17bb632e545c3e07ab46ccb04828b6aa134693429a7711a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e39c8841e8f6f8f7c374e0f2bd4ef5ba1124abd1bdc4e3a20f523b8f0965308
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A6218DF2906B988FCA795F24FC40529F7B8AF0536171A412AFA0CD3360CB316841DBA7
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__wsetlocale_nolock_wcscmp
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1077091919-0
                                                                                                                                                                                                                • Opcode ID: 53947f5c0441b692ac7ffd63da8c3ab915add5160fae6817071313f745d7aef2
                                                                                                                                                                                                                • Instruction ID: 9742885563a90fc0fa6d8dc4677c6302d3b1b85b12fb2d4416fdf4834ae28d2c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 53947f5c0441b692ac7ffd63da8c3ab915add5160fae6817071313f745d7aef2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7241D332904309AFDB20AFA4ED83B9D7BA0EF44314F24843DF91C966C2DB7596429B75
APIs
• std::exception::exception.LIBCMT ref: 00CF9398
  • Part of subcall function 00CFF19F: std::exception::_Copy_str.LIBCMT ref: 00CFF1B8
• __CxxThrowException@8.LIBCMT ref: 00CF93AD
  • Part of subcall function 00CFF37C: RaiseException.KERNEL32(?,?,?,00D33AD0,?,?,?,?,?,00CF952D,?,00D33AD0,00000000,00000001), ref: 00CFF3D1
• std::exception::exception.LIBCMT ref: 00CF93C6
• __CxxThrowException@8.LIBCMT ref: 00CF93DB
• std::regex_error::regex_error.LIBCPMT ref: 00CF93ED
  • Part of subcall function 00CF905C: std::exception::exception.LIBCMT ref: 00CF9076
• __CxxThrowException@8.LIBCMT ref: 00CF93FB
• std::exception::exception.LIBCMT ref: 00CF9414
• __CxxThrowException@8.LIBCMT ref: 00CF9429
Strings
Memory Dump Source
• Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
• Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
Similarity
• API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaisestd::exception::_std::regex_error::regex_error
• String ID: bad function call
• API String ID: 2464034642-3612616537
APIs
  • Part of subcall function 00CE5BB0: _memset.LIBCMT ref: 00CE5C01
  • Part of subcall function 00CE5BB0: _free.LIBCMT ref: 00CE5C43
• GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 00CD839B
• __snprintf.LIBCMT ref: 00CD83FE
• _memset.LIBCMT ref: 00CD8505
• _memset.LIBCMT ref: 00CD851B
• Sleep.KERNEL32(00015F90), ref: 00CD8528
• DeleteFileA.KERNEL32(?), ref: 00CD8535
• _memset.LIBCMT ref: 00CD8549
Strings
Memory Dump Source
• Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
• Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
Similarity
• API ID: _memset$File$DeleteModuleNameSleep__snprintf_free
• String ID: rj3.
• API String ID: 3733618472-2374996226
APIs
• SetHandleInformation.KERNEL32(00000000,00000001,00000000), ref: 00CE16CF
• _memset.LIBCMT ref: 00CE16EE
• CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 00CE1752
• WriteFile.KERNEL32(00000000,00000000,00000020,?,00000000), ref: 00CE178D
• CloseHandle.KERNEL32(00000000), ref: 00CE181F
• CloseHandle.KERNEL32(00CE56E4), ref: 00CE1829
• CloseHandle.KERNEL32(00000020), ref: 00CE1833
• CloseHandle.KERNEL32(?), ref: 00CE1843
Strings
Memory Dump Source
• Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
• Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
Similarity
• API ID: Handle$Close$CreateFileInformationProcessWrite_memset
• String ID: D
• API String ID: 3900862288-2746444292
APIs
• CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00CD8EF2
• ReadFile.KERNEL32(000000FF,?,?,?,00000000), ref: 00CD8F17
• CloseHandle.KERNEL32(000000FF), ref: 00CD8F35
• GetTickCount.KERNEL32 ref: 00CD8F4C
  • Part of subcall function 00CF8900: _malloc.LIBCMT ref: 00CF897B
• _sprintf.LIBCMT ref: 00CD9145
• CreateFileA.KERNEL32(00000001,40000000,00000000,00000000,00000002,00000000,00000000), ref: 00CD916E
• WriteFile.KERNEL32(000000FF,?,?,?,00000000), ref: 00CD91DC
• CloseHandle.KERNEL32(000000FF), ref: 00CD91E6
Memory Dump Source
• Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
• Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
Similarity
• API ID: File$CloseCreateHandle$CountReadTickWrite_malloc_sprintf
• String ID:
• API String ID: 3359727986-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00CE6EEE
                                                                                                                                                                                                                • Process32First.KERNEL32(00000000,00000128), ref: 00CE6F71
                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00CE70A5
                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,000000FF), ref: 00CE70F8
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00CE7102
                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,00000128), ref: 00CE711D
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00CE712F
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CE7143
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32_memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3095088415-0
                                                                                                                                                                                                                • Opcode ID: a0fe04662a0b749d366204a248ae9d3fe44e66f4bb3dc965a3f4a0a4e014625a
                                                                                                                                                                                                                • Instruction ID: 76637da5a573b75afb6b143e2d315e14dace01effe49fbe67faf0cb9c09ab773
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a0fe04662a0b749d366204a248ae9d3fe44e66f4bb3dc965a3f4a0a4e014625a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36B17871800B488FC706CFB8E8916AEFB75FF9A380F10834AD402B6369EB715585CB60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00CE6094
                                                                                                                                                                                                                • Process32First.KERNEL32(00000000,00000128), ref: 00CE6155
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 00CE620C
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000008,?,00000000), ref: 00CE623A
                                                                                                                                                                                                                • Module32First.KERNEL32(0000000D,00000224), ref: 00CE62A8
                                                                                                                                                                                                                • CloseHandle.KERNEL32(0000000D,0000000A,?,00CDD9E3), ref: 00CE6311
                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,00000128), ref: 00CE632C
                                                                                                                                                                                                                  • Part of subcall function 00CF8900: _malloc.LIBCMT ref: 00CF897B
                                                                                                                                                                                                                  • Part of subcall function 00CE5BB0: _memset.LIBCMT ref: 00CE5C01
                                                                                                                                                                                                                  • Part of subcall function 00CE5BB0: _free.LIBCMT ref: 00CE5C43
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFirstProcess32SnapshotToolhelp32$CloseHandleModule32Next__snprintf_free_malloc_memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2771089087-0
                                                                                                                                                                                                                • Opcode ID: b9cd8e2cb509c45ccd74a51f49baddf63d8abf0ee6926bf3c05419f2f71ac73d
                                                                                                                                                                                                                • Instruction ID: eb2ae5db0e7569bb55a8287f90939428b134341ddbd1d2cb6e871cbec59baab4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9cd8e2cb509c45ccd74a51f49baddf63d8abf0ee6926bf3c05419f2f71ac73d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8E819D71900B089FC715DFB5EC91AADB775FF48740F008259E509EA369EBB05681CFA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegisterServiceCtrlHandlerA.ADVAPI32(00A318C8,Function_00015800), ref: 00CE7C94
                                                                                                                                                                                                                • SetServiceStatus.ADVAPI32(00000000,00D37070), ref: 00CE7CC2
                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00CE7CD0
                                                                                                                                                                                                                • SetServiceStatus.ADVAPI32(00000000,00D37070), ref: 00CE7D1E
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00001388), ref: 00CE7D2F
                                                                                                                                                                                                                • SetServiceStatus.ADVAPI32(00000000,00D37070), ref: 00CE7D61
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00CE7D6D
                                                                                                                                                                                                                • SetServiceStatus.ADVAPI32(00000000,00D37070), ref: 00CE7DBB
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Service$Status$CloseCreateCtrlEventHandleHandlerObjectRegisterSingleWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3399922960-0
                                                                                                                                                                                                                • Opcode ID: 6f85a03a1066c1b380e23caed8fb5a002968e4a1d690adf2092350c1e71098f4
                                                                                                                                                                                                                • Instruction ID: 496b472b52fd41bc0f4dab9d125dba16af3dfc73e78501a015f01294ec84369b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f85a03a1066c1b380e23caed8fb5a002968e4a1d690adf2092350c1e71098f4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D04102F2608F84AFD329CF34FDA9B0677B9AB49740F408209E512D63A0D7B69485DB70
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: #
                                                                                                                                                                                                                • API String ID: 0-1885708031
                                                                                                                                                                                                                • Opcode ID: 9cc9b06dd419dfb1ce0261df9df857f56b39530e478744a2f250c1a2deb41084
                                                                                                                                                                                                                • Instruction ID: c952437a3b875c140d584e921103244671c57604e92401677c51f34c83ac55a4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9cc9b06dd419dfb1ce0261df9df857f56b39530e478744a2f250c1a2deb41084
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 91C1D170D00B49DFCB04DF68E9816BDB7B2BF85344F10825AE506EB365D7719A80EB60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ___unDName.LIBCMT ref: 00D0AFAB
                                                                                                                                                                                                                • _strlen.LIBCMT ref: 00D0AFBE
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00D0AFDA
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00D0AFEC
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00D0AFFD
                                                                                                                                                                                                                • _free.LIBCMT ref: 00D0B046
                                                                                                                                                                                                                  • Part of subcall function 00D0047D: IsProcessorFeaturePresent.KERNEL32(00000017,00D00451,00000000,?,?,?,?,?,00D0045E,00000000,00000000,00000000,00000000,00000000,00D0C360), ref: 00D0047F
                                                                                                                                                                                                                • _free.LIBCMT ref: 00D0B03F
                                                                                                                                                                                                                  • Part of subcall function 00CFA688: RtlFreeHeap.NTDLL(00000000,00000000,?,00D02938,00000000,00D00F5F,00D0E22D,00000000,?,00CFFC97,?,?,00000000), ref: 00CFA69C
                                                                                                                                                                                                                  • Part of subcall function 00CFA688: GetLastError.KERNEL32(00000000,?,00D02938,00000000,00D00F5F,00D0E22D,00000000,?,00CFFC97,?,?,00000000,?,?,?,00D02A32), ref: 00CFA6AE
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free_malloc$ErrorFeatureFreeHeapLastNamePresentProcessor___un__lock_strlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3704956918-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __init_pointers.LIBCMT ref: 00D029FA
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: EncodePointer.KERNEL32(00000000,?,00D029FF,00CFEF28,00D33DE8,00000014), ref: 00CFA3E2
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: __initp_misc_winsig.LIBCMT ref: 00CFA3FD
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00D009A3
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00D009B7
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00D009CA
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00D009DD
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00D009F0
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00D00A03
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00D00A16
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00D00A29
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00D00A3C
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00D00A4F
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00D00A62
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00D00A75
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00D00A88
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00D00A9B
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00D00AAE
                                                                                                                                                                                                                  • Part of subcall function 00CFA3DF: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00D00AC1
                                                                                                                                                                                                                • __mtinitlocks.LIBCMT ref: 00D029FF
                                                                                                                                                                                                                • __mtterm.LIBCMT ref: 00D02A08
                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 00D02A2D
                                                                                                                                                                                                                • __initptd.LIBCMT ref: 00D02A4F
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00D02A56
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1593083391-0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free_memset
                                                                                                                                                                                                                • String ID: $
                                                                                                                                                                                                                • API String ID: 287624719-227171996
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00D0F8FF
                                                                                                                                                                                                                  • Part of subcall function 00D0050D: __mtinitlocknum.LIBCMT ref: 00D0051F
                                                                                                                                                                                                                  • Part of subcall function 00D0050D: __amsg_exit.LIBCMT ref: 00D0052B
                                                                                                                                                                                                                  • Part of subcall function 00D0050D: EnterCriticalSection.KERNEL32(?,?,00D02990,0000000D), ref: 00D00538
                                                                                                                                                                                                                • _free.LIBCMT ref: 00D0F925
                                                                                                                                                                                                                  • Part of subcall function 00CFA688: RtlFreeHeap.NTDLL(00000000,00000000,?,00D02938,00000000,00D00F5F,00D0E22D,00000000,?,00CFFC97,?,?,00000000), ref: 00CFA69C
                                                                                                                                                                                                                  • Part of subcall function 00CFA688: GetLastError.KERNEL32(00000000,?,00D02938,00000000,00D00F5F,00D0E22D,00000000,?,00CFFC97,?,?,00000000,?,?,?,00D02A32), ref: 00CFA6AE
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00D0F93E
                                                                                                                                                                                                                • ___removelocaleref.LIBCMT ref: 00D0F94D
                                                                                                                                                                                                                • ___freetlocinfo.LIBCMT ref: 00D0F966
                                                                                                                                                                                                                • _free.LIBCMT ref: 00D0F979
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __lock_free$CriticalEnterErrorFreeHeapLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 626533743-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00D37440,00000104), ref: 00CD9599
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CD966E
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00CD96A4
                                                                                                                                                                                                                • __vfwprintf_p.LIBCMT ref: 00CD975A
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000100), ref: 00CD9790
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CountFileModuleMutexNameReleaseTick__vfwprintf_p_memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2753155262-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00CEA00D
                                                                                                                                                                                                                • Process32First.KERNEL32(00000000,00000128), ref: 00CEA04D
                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,00000128), ref: 00CEA206
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00CEA218
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CEA261
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2526126748-0
                                                                                                                                                                                                                • Opcode ID: 65df0c2d0f6a714d88afcf002cc24dc542a237a0754099cb2003501d3a5e05b7
                                                                                                                                                                                                                • Instruction ID: fca39dce9aa9937137da801c075269f7cbf55a322207981f162534941737fe33
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 65df0c2d0f6a714d88afcf002cc24dc542a237a0754099cb2003501d3a5e05b7
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DDA19775800B49CECB09CFA5E8806AEBBB1FF59344F048249D415B6328E77626C5CFA5
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • std::ios_base::good.LIBCPMTD ref: 00CEA74F
                                                                                                                                                                                                                • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00CEA7A2
                                                                                                                                                                                                                • std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00CEA7B1
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00CD7A5E), ref: 00CEA7BE
                                                                                                                                                                                                                • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00CEA828
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Affinity::operator!=Concurrency::details::Hardware$DeleteFileMutex_baseMutex_base::~_std::_std::ios_base::good
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1152012751-0
                                                                                                                                                                                                                • Opcode ID: 6aba555c47f53b9db9cc96f57e6c9bf2277e6ec847e59634a0ee81847b3f0400
                                                                                                                                                                                                                • Instruction ID: ce4edf18cd0c1aff4be5ea7006538057cbff1dbd2a106521941690b2b02ae6f4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6aba555c47f53b9db9cc96f57e6c9bf2277e6ec847e59634a0ee81847b3f0400
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3551CF71810B48DEC70AEBB2FC915AEB374FF58340714865AE502B7265FB302A85EB60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __getenv_helper_nolock.LIBCMT ref: 00D23BB2
                                                                                                                                                                                                                • _strlen.LIBCMT ref: 00D23BC0
                                                                                                                                                                                                                  • Part of subcall function 00D00F5A: __getptd_noexit.LIBCMT ref: 00D00F5A
                                                                                                                                                                                                                • _strnlen.LIBCMT ref: 00D23C4B
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00D23C5C
                                                                                                                                                                                                                • __getenv_helper_nolock.LIBCMT ref: 00D23C67
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __getenv_helper_nolock$__getptd_noexit__lock_strlen_strnlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2168648987-0
                                                                                                                                                                                                                • Opcode ID: 61ab4ab30a78c385cd78541b89be0ee9ad9cb1aa884ca8582ad23621bdf996a4
                                                                                                                                                                                                                • Instruction ID: 65cbf91c52628852926a8b6ee886629c4f224390e98a3d02483b9873418516df
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 61ab4ab30a78c385cd78541b89be0ee9ad9cb1aa884ca8582ad23621bdf996a4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B131C832A042366BDB216E64EC02B6E6A64EF25B25F140125F908EB2C1DA7DCA0157F1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00D0E109
                                                                                                                                                                                                                  • Part of subcall function 00CFA6FD: __FF_MSGBANNER.LIBCMT ref: 00CFA714
                                                                                                                                                                                                                  • Part of subcall function 00CFA6FD: __NMSG_WRITE.LIBCMT ref: 00CFA71B
                                                                                                                                                                                                                  • Part of subcall function 00CFA6FD: RtlAllocateHeap.NTDLL(00A20000,00000000,00000001,00000000,00000000,00000000,?,00CFFCE1,00000000,00000000,00000000,00000000,?,00D005F7,00000018,00D33E08), ref: 00CFA740
                                                                                                                                                                                                                • _free.LIBCMT ref: 00D0E11C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocateHeap_free_malloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1020059152-0
                                                                                                                                                                                                                • Opcode ID: 38e7bdba7d4a879ed5b6b45232fc4bca1e80265434d87ced6bec79cced2fae4d
                                                                                                                                                                                                                • Instruction ID: 75379d08754bd228429767cffafe4422cee6ffb9831e2354e8efebe55c01081a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 38e7bdba7d4a879ed5b6b45232fc4bca1e80265434d87ced6bec79cced2fae4d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5911063250832AAACB312F74EC047693FA8DF14361F184D29FA9CD62D0DA34C851A6B3
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 00CD9DBA
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00CD9DD5
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00CD9DE2
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00CD9DF0
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,000000FF), ref: 00CD9DFC
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseCreateHandle$EventObjectSingleThreadWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1404307249-0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CountSystemTickTime_malloc
                                                                                                                                                                                                                • String ID: C:\bamqdjw\czmruiag.exe$Z
                                                                                                                                                                                                                • API String ID: 3770554779-795484970
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset$__snprintf
                                                                                                                                                                                                                • String ID: C:\Users\user
                                                                                                                                                                                                                • API String ID: 1922369481-2179397983
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • Sleep.KERNEL32(000008AE), ref: 00CD7A4D
                                                                                                                                                                                                                  • Part of subcall function 00CF8900: _malloc.LIBCMT ref: 00CF897B
                                                                                                                                                                                                                  • Part of subcall function 00CE5BB0: _memset.LIBCMT ref: 00CE5C01
                                                                                                                                                                                                                  • Part of subcall function 00CE5BB0: _free.LIBCMT ref: 00CE5C43
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CD79B3
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset$Sleep_free_malloc
                                                                                                                                                                                                                • String ID: C:\bamqdjw\czmruiag.exe$Z
                                                                                                                                                                                                                • API String ID: 3151160524-795484970
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcsnlen
                                                                                                                                                                                                                • String ID: U
                                                                                                                                                                                                                • API String ID: 3628947076-3372436214
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcscmp
                                                                                                                                                                                                                • String ID: ACP$OCP
                                                                                                                                                                                                                • API String ID: 856254489-711371036
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00CF5F63
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00CF5FB4
                                                                                                                                                                                                                  • Part of subcall function 00CFA6FD: __FF_MSGBANNER.LIBCMT ref: 00CFA714
                                                                                                                                                                                                                  • Part of subcall function 00CFA6FD: __NMSG_WRITE.LIBCMT ref: 00CFA71B
                                                                                                                                                                                                                  • Part of subcall function 00CFA6FD: RtlAllocateHeap.NTDLL(00A20000,00000000,00000001,00000000,00000000,00000000,?,00CFFCE1,00000000,00000000,00000000,00000000,?,00D005F7,00000018,00D33E08), ref: 00CFA740
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CF60D6
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CF60E4
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _malloc$AllocateHeap_free_memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3974598690-0
                                                                                                                                                                                                                • Opcode ID: f3d59200e04f39dbea9110f3662c7e3245cecec3a3c1dc93d8b91d557ff99f90
                                                                                                                                                                                                                • Instruction ID: 2e9db378d05485d48a9224256b0b202da211c75b7d6cb57d2a9e1a017b5baa1b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f3d59200e04f39dbea9110f3662c7e3245cecec3a3c1dc93d8b91d557ff99f90
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D6C18875800B08DFC709CF6AF880569B7B1FF89384B14C619E909EB329E771A585CFA5
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AdjustPointer_memmove
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1721217611-0
                                                                                                                                                                                                                • Opcode ID: 5335c763bfd40bf81e3e467ff547630b631a6619b535918745e5ea7e84ea0928
                                                                                                                                                                                                                • Instruction ID: 4b2824efa97c51b0bd7aa07fa4a9d1c944db8c80d91cee3e54bb9e3a9ef7ff99
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5335c763bfd40bf81e3e467ff547630b631a6619b535918745e5ea7e84ea0928
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4541A935204303AFEB356EA5E881B6A7BE6DF41710F28401FF9498A5D2EF71E980D631
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00CD3DB2
                                                                                                                                                                                                                  • Part of subcall function 00CFA6FD: __FF_MSGBANNER.LIBCMT ref: 00CFA714
                                                                                                                                                                                                                  • Part of subcall function 00CFA6FD: __NMSG_WRITE.LIBCMT ref: 00CFA71B
                                                                                                                                                                                                                  • Part of subcall function 00CFA6FD: RtlAllocateHeap.NTDLL(00A20000,00000000,00000001,00000000,00000000,00000000,?,00CFFCE1,00000000,00000000,00000000,00000000,?,00D005F7,00000018,00D33E08), ref: 00CFA740
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CD3DDA
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CD3E25
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CD3E34
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset$AllocateHeap_free_malloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 585861054-0
                                                                                                                                                                                                                • Opcode ID: 39551438238991d948e20618a79ca36c132be51084d80beba23a2f035d5dc697
                                                                                                                                                                                                                • Instruction ID: fc79ce2378732562c9f6bd9f07d20ae00a7f04cf9056e5c1fc90c7c5f5363dc9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 39551438238991d948e20618a79ca36c132be51084d80beba23a2f035d5dc697
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3316BB8900608AFC714CF28E881A6AB766EF88340F14C259F8099B355D731EA85DB91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00D028C0: __getptd_noexit.LIBCMT ref: 00D028C1
                                                                                                                                                                                                                  • Part of subcall function 00D028C0: __amsg_exit.LIBCMT ref: 00D028CE
                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 00D0F9B6
                                                                                                                                                                                                                  • Part of subcall function 00CFFC83: __calloc_impl.LIBCMT ref: 00CFFC92
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00D0F9EC
                                                                                                                                                                                                                • ___addlocaleref.LIBCMT ref: 00D0F9F8
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00D0FA0C
                                                                                                                                                                                                                  • Part of subcall function 00D00F5A: __getptd_noexit.LIBCMT ref: 00D00F5A
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __getptd_noexit__lock$___addlocaleref__amsg_exit__calloc_crt__calloc_impl
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2580527540-0
                                                                                                                                                                                                                • Opcode ID: 35589aec1f1b6ce77f2f50ccef6cbac193f1102a2d71dc69c86305765837fa31
                                                                                                                                                                                                                • Instruction ID: 2cad9968b1abe1ac6e4f07f82ae49306f8587e3325acd614ccdd313dda0d4db8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 35589aec1f1b6ce77f2f50ccef6cbac193f1102a2d71dc69c86305765837fa31
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 79015231A05305ABD770FFB89806B2D7BA0DF85720F318559F59C9B2C2CA7449419AB1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3016257755-0
                                                                                                                                                                                                                • Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                                                                                                • Instruction ID: 4b9b568c3a7655d8074566b9469e635456693f9627d9ba99e416095f374747cf
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A01407204414AFBCF125E84CC05AEE3F66FB19364B698516FA1C58071D336D9B1ABA1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ___BuildCatchObject.LIBCMT ref: 00D0CBCB
                                                                                                                                                                                                                  • Part of subcall function 00D0D2C0: ___AdjustPointer.LIBCMT ref: 00D0D309
                                                                                                                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 00D0CBE2
                                                                                                                                                                                                                • ___FrameUnwindToState.LIBCMT ref: 00D0CBF4
                                                                                                                                                                                                                • CallCatchBlock.LIBCMT ref: 00D0CC18
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2633735394-0
                                                                                                                                                                                                                • Opcode ID: 2d8c29e931c82cb4b179de0235233341f27f52423f207cbaa2e250d67f1f5fc6
                                                                                                                                                                                                                • Instruction ID: ebf211f50b7d81e43fe4e2609298ba83c23ad0d095b49972135ff781a702c45d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2d8c29e931c82cb4b179de0235233341f27f52423f207cbaa2e250d67f1f5fc6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DD012932400109BBCF126FA5CC01FEA7BBAFF48754F149115FA1C61161D332E861EBA1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memcmp
                                                                                                                                                                                                                • String ID: #
                                                                                                                                                                                                                • API String ID: 2931989736-1885708031
                                                                                                                                                                                                                • Opcode ID: a46d8d43d2204f9cb750155fd74b36680d4656a6c8c5ba90e1f7a570e0d34b4f
                                                                                                                                                                                                                • Instruction ID: 649f00c0920e9cc006ae6000ce860c8871871d4f6af094eca6387e5ddd56cdbc
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a46d8d43d2204f9cb750155fd74b36680d4656a6c8c5ba90e1f7a570e0d34b4f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E3317C71C00F09CBC706DF74FD016AAB376BF9A344F108316E606BA329E77155829BA4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00CE181F
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00CE56E4), ref: 00CE1829
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000020), ref: 00CE1833
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00CE1843
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                                                                • Opcode ID: 0b2bd7513d7b823561fe6310bec5897f2b41b370a0a32e9db7386fe052c2b917
                                                                                                                                                                                                                • Instruction ID: 0111fb24ecad6fd8eeff1121c1f212296b7da8e92194f398e788d684fdfd6c21
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b2bd7513d7b823561fe6310bec5897f2b41b370a0a32e9db7386fe052c2b917
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F4F03A75E01208EFCB24CFE2F948AAE7B75FB44301F108949E91196394CB38D950CFA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00CE181F
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00CE56E4), ref: 00CE1829
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000020), ref: 00CE1833
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00CE1843
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1705125045.0000000000CD1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00CD0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705092895.0000000000CD0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705175064.0000000000D27000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D35000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705225202.0000000000D39000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1705279647.0000000000D3A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_cd0000_mt2o4nrsazl5davsv.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                                                                • Opcode ID: fec31c4cb2e5194c8bea59f9cddf8f1d51ab0cce73c8721e1d5b2c3b2ede85d6
                                                                                                                                                                                                                • Instruction ID: 0111fb24ecad6fd8eeff1121c1f212296b7da8e92194f398e788d684fdfd6c21
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fec31c4cb2e5194c8bea59f9cddf8f1d51ab0cce73c8721e1d5b2c3b2ede85d6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F4F03A75E01208EFCB24CFE2F948AAE7B75FB44301F108949E91196394CB38D950CFA0

                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                Execution Coverage:13%
                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                Total number of Nodes:1845
                                                                                                                                                                                                                Total number of Limit Nodes:132
32331->32332 32333 cafaef 32332->32333 32334 ca5bb0 58 API calls 32333->32334 32335 cafb06 GetProcAddress 32334->32335 32336 cb8900 58 API calls 32335->32336 32337 cafbc0 32336->32337 32338 ca5bb0 58 API calls 32337->32338 32339 cafbd7 GetProcAddress 32338->32339 32340 cb8900 58 API calls 32339->32340 32341 cafbff 32340->32341 32342 ca5bb0 58 API calls 32341->32342 32343 cafc16 GetProcAddress 32342->32343 32344 cb8900 58 API calls 32343->32344 32345 cafc3e 32344->32345 32346 ca5bb0 58 API calls 32345->32346 32347 cafc6d GetProcAddress 32346->32347 32348 cb8900 58 API calls 32347->32348 32349 cafcbe 32348->32349 32350 ca5bb0 58 API calls 32349->32350 32351 cafcd5 GetProcAddress 32350->32351 32352 cb8900 58 API calls 32351->32352 32353 cafcfc 32352->32353 32354 ca5bb0 58 API calls 32353->32354 32355 cafd43 GetProcAddress 32354->32355 32356 cb8900 58 API calls 32355->32356 32357 cafd6a 32356->32357 32358 ca5bb0 58 API calls 32357->32358 32359 cafd81 GetProcAddress 32358->32359 32360 cb8900 58 API calls 32359->32360 32361 cafda8 32360->32361 32362 ca5bb0 58 API calls 32361->32362 32363 cafdbf GetProcAddress 32362->32363 32364 cb8900 58 API calls 32363->32364 32365 cafe12 32364->32365 32366 ca5bb0 58 API calls 32365->32366 32367 cafe39 GetProcAddress 32366->32367 32368 cb8900 58 API calls 32367->32368 32369 cafe61 32368->32369 32370 ca5bb0 58 API calls 32369->32370 32371 cafe78 GetProcAddress 32370->32371 32372 cb8900 58 API calls 32371->32372 32373 cafea0 32372->32373 32374 ca5bb0 58 API calls 32373->32374 32375 cafeb7 GetProcAddress 32374->32375 32376 cb8900 58 API calls 32375->32376 32377 caff1d 32376->32377 32378 ca5bb0 58 API calls 32377->32378 32379 caff34 GetProcAddress 32378->32379 32380 cb8900 58 API calls 32379->32380 32381 caff87 32380->32381 32382 ca5bb0 58 API calls 32381->32382 32383 caff9e GetProcAddress 32382->32383 32384 cb8900 58 API calls 32383->32384 32385 caffec 32384->32385 32386 ca5bb0 58 API calls 32385->32386 32387 cb0003 GetProcAddress 
32386->32387 32388 cb8900 58 API calls 32387->32388 32389 cb002a 32388->32389 32390 ca5bb0 58 API calls 32389->32390 32391 cb0041 GetProcAddress 32390->32391 32392 cb8900 58 API calls 32391->32392 32393 cb0068 32392->32393 32394 ca5bb0 58 API calls 32393->32394 32395 cb00a9 GetProcAddress 32394->32395 32396 cb8900 58 API calls 32395->32396 32397 cb00d0 32396->32397 32398 ca5bb0 58 API calls 32397->32398 32399 cb00e7 GetProcAddress 32398->32399 32400 cb8900 58 API calls 32399->32400 32401 cb010e 32400->32401 32402 ca5bb0 58 API calls 32401->32402 32403 cb0125 GetProcAddress 32402->32403 32405 cb8900 58 API calls 32403->32405 32406 cb0262 32405->32406 32407 ca5bb0 58 API calls 32406->32407 32408 cb0279 GetProcAddress 32407->32408 32409 cb8900 58 API calls 32408->32409 32410 cb02ad 32409->32410 32411 ca5bb0 58 API calls 32410->32411 32412 cb02c4 GetProcAddress 32411->32412 32413 cb8900 58 API calls 32412->32413 32414 cb02ec 32413->32414 32415 ca5bb0 58 API calls 32414->32415 32416 cb0303 GetProcAddress 32415->32416 32417 cb8900 58 API calls 32416->32417 32418 cb032b 32417->32418 32419 ca5bb0 58 API calls 32418->32419 32420 cb0342 GetProcAddress 32419->32420 32421 cb8900 58 API calls 32420->32421 32422 cb036a 32421->32422 32423 ca5bb0 58 API calls 32422->32423 32424 cb0381 GetProcAddress 32423->32424 32425 cb8900 58 API calls 32424->32425 32426 cb03d3 32425->32426 32427 ca5bb0 58 API calls 32426->32427 32428 cb040c GetProcAddress 32427->32428 32429 cb044d 32428->32429 32430 cb8900 58 API calls 32429->32430 32431 cb04b8 32430->32431 32432 ca5bb0 58 API calls 32431->32432 32433 cb04cf GetProcAddress 32432->32433 32434 cb8900 58 API calls 32433->32434 32435 cb04f7 32434->32435 32436 ca5bb0 58 API calls 32435->32436 32437 cb050e GetProcAddress 32436->32437 32438 cb0581 32437->32438 32439 cb8900 58 API calls 32438->32439 32440 cb05bd 32439->32440 32441 ca5bb0 58 API calls 32440->32441 32442 cb0619 GetProcAddress 32441->32442 32443 cb8900 58 API calls 32442->32443 32444 
cb0671 32443->32444 32445 ca5bb0 58 API calls 32444->32445 32446 cb0688 GetProcAddress 32445->32446 32447 cb8900 58 API calls 32446->32447 32448 cb06b0 32447->32448 32449 ca5bb0 58 API calls 32448->32449 32450 cb077f GetProcAddress 32449->32450 32451 cb8900 58 API calls 32450->32451 32452 cb07a7 32451->32452 32453 ca5bb0 58 API calls 32452->32453 32454 cb07be GetProcAddress 32453->32454 32455 cb8900 58 API calls 32454->32455 32456 cb07f0 32455->32456 32457 ca5bb0 58 API calls 32456->32457 32458 cb0827 GetProcAddress 32457->32458 32459 cb8900 58 API calls 32458->32459 32460 cb084f 32459->32460 32461 ca5bb0 58 API calls 32460->32461 32462 cb0866 GetProcAddress 32461->32462 32463 cb8900 58 API calls 32462->32463 32464 cb088e 32463->32464 32465 ca5bb0 58 API calls 32464->32465 32466 cb08d5 GetProcAddress 32465->32466 32467 cb8900 58 API calls 32466->32467 32468 cb08fd 32467->32468 32469 ca5bb0 58 API calls 32468->32469 32470 cb0914 GetProcAddress 32469->32470 32471 cb8900 58 API calls 32470->32471 32472 cb093c 32471->32472 32473 ca5bb0 58 API calls 32472->32473 32474 cb0953 GetProcAddress 32473->32474 32475 cb8900 58 API calls 32474->32475 32476 cb09ab 32475->32476 32477 ca5bb0 58 API calls 32476->32477 32478 cb09c2 GetProcAddress 32477->32478 32479 cb0a10 32478->32479 32480 cb8900 58 API calls 32479->32480 32481 cb0ac1 32480->32481 32482 ca5bb0 58 API calls 32481->32482 32483 cb0ad8 GetProcAddress 32482->32483 32484 cb0b4a 32483->32484 32485 cb8900 58 API calls 32484->32485 32486 cb0b83 32485->32486 32487 ca5bb0 58 API calls 32486->32487 32488 cb0b9a GetProcAddress 32487->32488 32489 cb8900 58 API calls 32488->32489 32490 cb0beb 32489->32490 32491 ca5bb0 58 API calls 32490->32491 32492 cb0c41 GetProcAddress 32491->32492 32493 cb8900 58 API calls 32492->32493 32494 cb0cb1 32493->32494 32495 ca5bb0 58 API calls 32494->32495 32496 cb0cc8 GetProcAddress 32495->32496 32497 cb8900 58 API calls 32496->32497 32498 cb0d03 32497->32498 32499 ca5bb0 58 API calls 32498->32499 
32500 cb0d1a GetProcAddress 32499->32500 32501 cb8900 58 API calls 32500->32501 32502 cb0d42 32501->32502 32503 ca5bb0 58 API calls 32502->32503 32504 cb0d59 GetProcAddress 32503->32504 32505 cb8900 58 API calls 32504->32505 32506 cb0dbd 32505->32506 32507 ca5bb0 58 API calls 32506->32507 32508 cb0dd4 GetProcAddress 32507->32508 32509 cb0e55 32508->32509 32510 cb8900 58 API calls 32509->32510 32511 cb0e6d 32510->32511 32512 ca5bb0 58 API calls 32511->32512 32513 cb0e84 GetProcAddress 32512->32513 32514 cb8900 58 API calls 32513->32514 32515 cb0ebd 32514->32515 32516 ca5bb0 58 API calls 32515->32516 32517 cb0eec LoadLibraryA 32516->32517 32518 ca5bb0 58 API calls 32517->32518 32519 cb0f0f 32518->32519 32520 cb0fcb 32519->32520 32521 cb0f76 32519->32521 32523 cb8900 58 API calls 32520->32523 32522 cb8900 58 API calls 32521->32522 32524 cb0f82 LoadLibraryA 32522->32524 32525 cb0fd7 GetProcAddress 32523->32525 32526 ca5bb0 58 API calls 32524->32526 32527 cb8900 58 API calls 32525->32527 32528 cb0fab 32526->32528 32529 cb1005 32527->32529 32528->32520 32530 ca5bb0 58 API calls 32529->32530 32531 cb101c GetProcAddress 32530->32531 32532 cb8900 58 API calls 32531->32532 32533 cb1058 32532->32533 32534 ca5bb0 58 API calls 32533->32534 32535 cb108d GetProcAddress 32534->32535 32536 cb8900 58 API calls 32535->32536 32537 cb10f9 32536->32537 32538 ca5bb0 58 API calls 32537->32538 32539 cb1120 GetProcAddress 32538->32539 32540 cb8900 58 API calls 32539->32540 32541 cb1148 32540->32541 32542 ca5bb0 58 API calls 32541->32542 32543 cb115f GetProcAddress 32542->32543 32544 cb8900 58 API calls 32543->32544 32545 cb11a1 32544->32545 32546 ca5bb0 58 API calls 32545->32546 32547 cb11b8 GetProcAddress 32546->32547 32548 cb8900 58 API calls 32547->32548 32549 cb11e0 32548->32549 32550 ca5bb0 58 API calls 32549->32550 32551 cb11f7 GetProcAddress 32550->32551 32552 cb8900 58 API calls 32551->32552 32553 cb1246 32552->32553 32554 ca5bb0 58 API calls 32553->32554 32555 cb12a8 GetProcAddress 
32554->32555 32556 cb8900 58 API calls 32555->32556 32557 cb12d0 32556->32557 32558 ca5bb0 58 API calls 32557->32558 32559 cb12e7 GetProcAddress 32558->32559 32560 cb8900 58 API calls 32559->32560 32561 cb130f 32560->32561 32562 ca5bb0 58 API calls 32561->32562 32563 cb1326 GetProcAddress 32562->32563 32565 cb8900 58 API calls 32563->32565 32566 cb1516 32565->32566 32567 ca5bb0 58 API calls 32566->32567 32568 cb152d GetProcAddress 32567->32568 32570 cb8900 58 API calls 32568->32570 32571 cb15f7 32570->32571 32572 ca5bb0 58 API calls 32571->32572 32573 cb1623 GetProcAddress 32572->32573 32574 cb8900 58 API calls 32573->32574 32575 cb164b 32574->32575 32576 ca5bb0 58 API calls 32575->32576 32577 cb1662 GetProcAddress 32576->32577 32578 cb8900 58 API calls 32577->32578 32579 cb168a 32578->32579 32580 ca5bb0 58 API calls 32579->32580 32581 cb16a1 GetProcAddress 32580->32581 32582 cb8900 58 API calls 32581->32582 32583 cb16c9 32582->32583 32584 ca5bb0 58 API calls 32583->32584 32585 cb1720 GetProcAddress 32584->32585 32586 cb8900 58 API calls 32585->32586 32587 cb1747 32586->32587 32588 ca5bb0 58 API calls 32587->32588 32589 cb175e GetProcAddress 32588->32589 32590 cb8900 58 API calls 32589->32590 32591 cb17bd 32590->32591 32592 ca5bb0 58 API calls 32591->32592 32593 cb17d4 GetProcAddress 32592->32593 32594 cb8900 58 API calls 32593->32594 32595 cb17fc 32594->32595 32596 ca5bb0 58 API calls 32595->32596 32597 cb18af LoadLibraryA 32596->32597 32598 cb8900 58 API calls 32597->32598 32599 cb18d0 32598->32599 32600 ca5bb0 58 API calls 32599->32600 32601 cb18e7 GetProcAddress 32600->32601 32602 cb8900 58 API calls 32601->32602 32603 cb193d 32602->32603 32604 ca5bb0 58 API calls 32603->32604 32605 cb1954 GetProcAddress 32604->32605 32607 cb8900 58 API calls 32605->32607 32608 cb19a7 32607->32608 32609 ca5bb0 58 API calls 32608->32609 32610 cb19be GetProcAddress 32609->32610 32611 cb8900 58 API calls 32610->32611 32612 cb19fe 32611->32612 32613 ca5bb0 58 API calls 32612->32613 
32614 cb1a15 GetProcAddress 32613->32614 32615 cb8900 58 API calls 32614->32615 32616 cb1a3d 32615->32616 32617 ca5bb0 58 API calls 32616->32617 32618 cb1a78 GetProcAddress 32617->32618 32619 cb8900 58 API calls 32618->32619 32620 cb1ab0 32619->32620 32621 ca5bb0 58 API calls 32620->32621 32622 cb1ac7 GetProcAddress 32621->32622 32623 cb8900 58 API calls 32622->32623 32624 cb1aef 32623->32624 32625 ca5bb0 58 API calls 32624->32625 32626 cb1b06 GetProcAddress 32625->32626 32627 cb8900 58 API calls 32626->32627 32628 cb1b52 32627->32628 32629 ca5bb0 58 API calls 32628->32629 32630 cb1b99 GetProcAddress 32629->32630 32631 cb1bd5 32630->32631 32632 cb8900 58 API calls 32631->32632 32633 cb1bf1 32632->32633 32634 ca5bb0 58 API calls 32633->32634 32635 cb1c08 GetProcAddress 32634->32635 32636 cb1c4a 32635->32636 32637 cb8900 58 API calls 32636->32637 32638 cb1ca2 32637->32638 32639 ca5bb0 58 API calls 32638->32639 32640 cb1cb9 GetProcAddress 32639->32640 32641 cb8900 58 API calls 32640->32641 32642 cb1d4d 32641->32642 32643 ca5bb0 58 API calls 32642->32643 32644 cb1d64 GetProcAddress 32643->32644 32645 cb8900 58 API calls 32644->32645 32646 cb1d8c 32645->32646 32647 ca5bb0 58 API calls 32646->32647 32648 cb1da3 GetProcAddress 32647->32648 32649 cb8900 58 API calls 32648->32649 32650 cb1dcb 32649->32650 32651 ca5bb0 58 API calls 32650->32651 32652 cb1de2 GetProcAddress 32651->32652 32653 cb8900 58 API calls 32652->32653 32654 cb1e0a 32653->32654 32655 ca5bb0 58 API calls 32654->32655 32656 cb1e21 GetProcAddress 32655->32656 32657 cb8900 58 API calls 32656->32657 32658 cb1e49 32657->32658 32659 ca5bb0 58 API calls 32658->32659 32660 cb1e78 GetProcAddress 32659->32660 32661 cb8900 58 API calls 32660->32661 32662 cb1ea0 32661->32662 32663 ca5bb0 58 API calls 32662->32663 32664 cb1eb7 GetProcAddress 32663->32664 32665 cb8900 58 API calls 32664->32665 32666 cb1f68 32665->32666 32667 ca5bb0 58 API calls 32666->32667 32668 cb1f7f GetProcAddress 32667->32668 32669 cb8900 58 API 
calls 32668->32669 32670 cb1fbe 32669->32670 32671 ca5bb0 58 API calls 32670->32671 32672 cb200d GetProcAddress 32671->32672 32673 cb8900 58 API calls 32672->32673 32674 cb2034 32673->32674 32675 ca5bb0 58 API calls 32674->32675 32676 cb204b GetProcAddress 32675->32676 32677 cb8900 58 API calls 32676->32677 32678 cb20e0 32677->32678 32679 ca5bb0 58 API calls 32678->32679 32680 cb2107 GetProcAddress 32679->32680 32681 cb8900 58 API calls 32680->32681 32682 cb2139 32681->32682 32683 ca5bb0 58 API calls 32682->32683 32684 cb2164 GetProcAddress 32683->32684 32685 cb8900 58 API calls 32684->32685 32686 cb218c 32685->32686 32687 ca5bb0 58 API calls 32686->32687 32688 cb21a3 GetProcAddress 32687->32688 32689 cb8900 58 API calls 32688->32689 32690 cb21cb 32689->32690 32691 ca5bb0 58 API calls 32690->32691 32692 cb21e2 GetProcAddress 32691->32692 32693 cb8900 58 API calls 32692->32693 32694 cb220a 32693->32694 32695 ca5bb0 58 API calls 32694->32695 32696 cb2221 GetProcAddress 32695->32696 32697 cb8900 58 API calls 32696->32697 32698 cb2249 32697->32698 32699 ca5bb0 58 API calls 32698->32699 32700 cb2288 GetProcAddress 32699->32700 32701 ca5bb0 58 API calls 32700->32701 32702 cb22b2 32701->32702 32876 c97de0 GetSystemTime 32702->32876 32705 cb8900 58 API calls 32706 cb2324 GetEnvironmentVariableA 32705->32706 32707 ca5bb0 58 API calls 32706->32707 32708 cb2388 CreateMutexA CreateMutexA CreateMutexA 32707->32708 32882 cb94dd 32708->32882 32712 cb2609 32890 caacd0 32712->32890 32714 cb253a GetTickCount 32717 cb254f __itow 32714->32717 32715 cb23ec 32715->32712 32715->32714 32716 cb263f GetCommandLineA 32718 cb2669 32716->32718 32719 cb8900 58 API calls 32717->32719 32718->32718 32720 cb8900 58 API calls 32718->32720 32722 cb255e 32719->32722 32721 cb26a6 32720->32721 32723 ca5bb0 58 API calls 32721->32723 32722->32722 32725 ca5bb0 58 API calls 32722->32725 32724 cb271f 32723->32724 32726 cb3039 GetCommandLineA 32724->32726 32727 cb276c 32724->32727 32725->32712 32730 cb307d 
32726->32730 32728 cb8900 58 API calls 32727->32728 32729 cb2778 32728->32729 32731 ca5bb0 58 API calls 32729->32731 32733 cb30f0 GetModuleFileNameA 32730->32733 32732 cb27a8 32731->32732 32735 cb2802 32732->32735 32736 cba5b0 58 API calls 32732->32736 32985 ce5f2b 32733->32985 32737 cb8900 58 API calls 32735->32737 32736->32735 32738 cb285c 32737->32738 32740 ca5bb0 58 API calls 32738->32740 32739 cb3150 32739->32739 32742 ce5f2b 63 API calls 32739->32742 32741 cb28c0 32740->32741 32743 cb28d0 32741->32743 32745 cba5b0 58 API calls 32741->32745 32744 cb31e5 32742->32744 32747 cb8900 58 API calls 32743->32747 32746 ce5f2b 63 API calls 32744->32746 32745->32743 32752 cb31f4 32746->32752 32754 cb2918 32747->32754 32748 cb34d4 32994 ca1a50 32748->32994 32750 cb35d3 32751 cb36cb 32750->32751 33001 cba5b0 32750->33001 33004 ca8370 32751->33004 32752->32748 33134 caa370 94 API calls _memset 32752->33134 32754->32754 32757 ca5bb0 58 API calls 32754->32757 32756 cb36d0 33070 cb8e80 32756->33070 32785 cb29aa 32757->32785 32760 cb326e 33135 ca0e80 32760->33135 32762 cb8e80 GetSystemTimeAsFileTime 32762->32785 32763 cb2a43 Sleep 33132 cba7e0 171 API calls 3 library calls 32763->33132 32764 cb3350 32766 cb34cd 32764->32766 32767 cb335d 32764->32767 32769 cba5b0 58 API calls 32766->32769 32768 cb8900 58 API calls 32767->32768 32772 cb3369 LoadLibraryA 32768->32772 32769->32748 32770 cb2fec Sleep 32770->32785 32771 cb3758 32771->32771 32775 cb38b1 WSAStartup 32771->32775 32773 cb8900 58 API calls 32772->32773 32774 cb3391 32773->32774 32776 ca5bb0 58 API calls 32774->32776 32780 cb3937 32775->32780 32790 cb39f6 32775->32790 32777 cb33a8 GetProcAddress 32776->32777 32781 ca5bb0 58 API calls 32777->32781 32778 cba7e0 171 API calls __stat32i64 32778->32785 32779 ca9ee0 67 API calls 32779->32785 32782 cb8900 58 API calls 32780->32782 32784 cb33d3 32781->32784 32783 cb3943 32782->32783 33147 cad530 59 API calls 32783->33147 32787 cb8900 58 API calls 32784->32787 32785->32762 
32785->32763 32785->32770 32785->32778 32785->32779 32788 cb2c7e GetModuleFileNameA SetFileAttributesA 32785->32788 32796 cb2a97 32785->32796 32812 cb33e5 32787->32812 32794 cb2cd3 CopyFileA 32788->32794 32843 cb2cb3 32788->32843 32789 cb3a7d 32800 cb3a9a CloseHandle SetFileAttributesA CopyFileA 32789->32800 32819 cb3b7d 32789->32819 32790->32789 33148 ca4900 65 API calls 2 library calls 32790->33148 32792 cb2c3c Sleep 32792->32796 32793 cb3958 32798 ca5bb0 58 API calls 32793->32798 32794->32843 32796->32785 32799 ca7e90 3 API calls 32796->32799 32809 cba5b0 58 API calls 32796->32809 33133 ca6e60 70 API calls _memset 32796->33133 32797 cb3a18 32801 cb3a1c 32797->32801 32802 cb3a23 32797->32802 32798->32790 32799->32796 32804 cb3b75 32800->32804 32805 cb3ad7 SetFileAttributesA 32800->32805 32806 cba5b0 58 API calls 32801->32806 33149 cac1f0 Sleep GetSystemTimeAsFileTime 32802->33149 32813 c91da0 WaitForSingleObject 32804->32813 32810 cb3aef 32805->32810 32811 cb3afb 32805->32811 32806->32802 32807 cb3a28 32807->32789 32808 cb3bd9 SetFileAttributesA CopyFileA SetFileAttributesA 32817 cb3c56 32808->32817 32809->32770 33150 ca8de0 9 API calls 32810->33150 32821 cb3b1f Sleep 32811->32821 33151 ca0510 61 API calls 32811->33151 32816 ca5bb0 58 API calls 32812->32816 32818 cb3f77 32813->32818 32820 cb34a4 32816->32820 32824 cb8900 58 API calls 32817->32824 32825 cba5b0 58 API calls 32818->32825 32819->32808 32826 cb3bbb 32819->32826 32827 cb3b9a 32819->32827 33073 ca9ee0 32819->33073 32828 cba5b0 58 API calls 32820->32828 32823 ca7e90 3 API calls 32821->32823 32823->32804 32837 cb3c65 32824->32837 32830 cb3fa7 32825->32830 32826->32808 32827->32819 33152 ca6e60 70 API calls _memset 32827->33152 32832 cb34ae 32828->32832 32829 cb3b1c 32829->32821 32830->31914 32832->32766 32833 cb3bc9 Sleep 32833->32827 32834 cb8900 58 API calls 32834->32843 32835 cb2f33 SetFileAttributesA 32835->32785 32836 cb2f25 SetFileAttributesA 32836->32785 32837->32837 32838 cb8900 58 API calls 
32837->32838 32839 cb3d16 32838->32839 32841 ca5bb0 58 API calls 32839->32841 32840 ca5bb0 58 API calls 32840->32843 32842 cb3d2d 32841->32842 33083 cbae47 32842->33083 32843->32794 32843->32834 32843->32835 32843->32836 32843->32840 32846 ca5bb0 58 API calls 32847 cb3d9f 32846->32847 33086 c92240 32847->33086 32850 cb8900 58 API calls 32851 cb3de6 32850->32851 32852 cb8900 58 API calls 32851->32852 32853 cb3dfb 32852->32853 33108 cbb368 32853->33108 32856 ca5bb0 58 API calls 32857 cb3ec0 32856->32857 32858 ca5bb0 58 API calls 32857->32858 32859 cb3ed1 32858->32859 33123 ca7e90 32859->33123 32861 cb3ee3 _memset 32862 cb3f0f CreateThread 32861->32862 32863 cb3f59 32862->32863 32864 cb3f5e Sleep 32862->32864 33808 c97390 32862->33808 33128 cad5e0 32863->33128 32864->32864 32866->32212 32867->32218 32869 cb8914 32868->32869 32870 cba6fd _malloc 58 API calls 32869->32870 32871 cb8980 ___check_float_string 32870->32871 32871->32226 32873 ca5c06 _memset 32872->32873 32874 cba688 _free 58 API calls 32873->32874 32875 ca5c48 GetProcAddress 32874->32875 32875->32247 32877 c97e72 32876->32877 32878 cb8e80 GetSystemTimeAsFileTime 32877->32878 32879 c97e9b GetTickCount 32878->32879 33153 cba678 32879->33153 32885 cb94e5 32882->32885 32883 cba6fd _malloc 58 API calls 32883->32885 32884 cb23cf 32884->32715 33131 ca7540 59 API calls 32884->33131 32885->32883 32885->32884 32887 cb9503 std::exception::exception 32885->32887 33156 cbfc1f DecodePointer 32885->33156 33157 cbf37c RaiseException 32887->33157 32889 cb952d 33158 c9d580 32890->33158 32892 caacf5 GetVersionExA 33160 c9a200 32892->33160 32897 caaec2 32899 cb8900 58 API calls 32897->32899 32900 caaee3 32899->32900 33180 cade40 32900->33180 32903 caad75 32903->32903 32905 caadf8 CreateDirectoryA 32903->32905 32904 ca5bb0 58 API calls 32908 caaf0c 32904->32908 32906 cb8900 58 API calls 32905->32906 32907 caae30 32906->32907 32907->32907 32909 ca5bb0 58 API calls 32907->32909 33184 ca4360 32908->33184 32909->32897 32912 cab0de 
32914 c9e620 59 API calls 32912->32914 32913 cab072 DeleteFileA 32915 cab0a0 32913->32915 32916 cab0d1 RemoveDirectoryA 32913->32916 32917 cab127 32914->32917 32915->32916 32916->32912 32917->32917 32918 cab1da CreateDirectoryA 32917->32918 32919 cab21f 32918->32919 32920 cab266 CreateDirectoryA 32919->32920 32921 cb8900 58 API calls 32920->32921 32922 cab287 32921->32922 32922->32922 32923 cb8900 58 API calls 32922->32923 32924 cab317 32923->32924 32925 ca5bb0 58 API calls 32924->32925 32926 cab34d 32925->32926 32927 cade40 59 API calls 32926->32927 32928 cab469 32927->32928 32929 ca5bb0 58 API calls 32928->32929 32930 cab477 32929->32930 32931 ca4360 5 API calls 32930->32931 32932 cab4d5 32931->32932 32933 cabbba 32932->32933 32934 cab4e9 32932->32934 32935 cab531 32932->32935 32937 cabbc6 SetFileAttributesA 32933->32937 32938 cb8900 58 API calls 32934->32938 32936 cb8900 58 API calls 32935->32936 32939 cab53d 32936->32939 32947 cabc35 _memset codecvt 32937->32947 32940 cab4f5 32938->32940 32942 cbb368 __snprintf 83 API calls 32939->32942 32941 cbb368 __snprintf 83 API calls 32940->32941 32943 cab51b 32941->32943 32944 cab563 32942->32944 32945 ca5bb0 58 API calls 32943->32945 32946 ca5bb0 58 API calls 32944->32946 32948 cab52c CreateDirectoryA 32945->32948 32946->32948 32947->32716 32950 cab643 32948->32950 32950->32950 32951 cab683 CreateDirectoryA 32950->32951 32952 cb8900 58 API calls 32951->32952 32953 cab6c8 32952->32953 32953->32953 32954 cb8900 58 API calls 32953->32954 32955 cab758 32954->32955 32956 ca5bb0 58 API calls 32955->32956 32957 cab76f 32956->32957 32958 cade40 59 API calls 32957->32958 32959 cab784 32958->32959 32960 ca5bb0 58 API calls 32959->32960 32961 cab792 32960->32961 32962 ca4360 5 API calls 32961->32962 32963 cab7be 32962->32963 32963->32933 32964 cab7c9 GetTempPathA 32963->32964 32965 cab7f0 32964->32965 32965->32965 32966 cab8ec CreateDirectoryA 32965->32966 32967 cb8900 58 API calls 32966->32967 32968 cab90d 32967->32968 
32968->32968 32969 cb8900 58 API calls 32968->32969 32970 cab9b1 32969->32970 32971 ca5bb0 58 API calls 32970->32971 32972 cab9c8 32971->32972 32973 cade40 59 API calls 32972->32973 32974 cab9dd 32973->32974 32975 ca5bb0 58 API calls 32974->32975 32976 cab9eb 32975->32976 32977 ca4360 5 API calls 32976->32977 32978 caba17 32977->32978 32979 cabb1f 32978->32979 32980 caba22 GetTempPathA 32978->32980 32979->32933 32981 caba50 32980->32981 32981->32981 32982 cb8900 58 API calls 32981->32982 32983 caba8d 32982->32983 32983->32983 32984 ca5bb0 58 API calls 32983->32984 32984->32979 32986 ce5f37 32985->32986 32987 ce5f72 32985->32987 32991 ce5f52 32986->32991 33216 cc0f5a 58 API calls __getptd_noexit 32986->33216 33218 ce5fb3 63 API calls 2 library calls 32987->33218 32990 ce5f43 33217 cc0452 9 API calls __invalid_parameter_noinfo_noreturn 32990->33217 32991->32739 32993 ce5f4e 32993->32739 32995 ca1a78 32994->32995 32996 cb8900 58 API calls 32995->32996 32997 ca1b15 32996->32997 32997->32997 32998 ca5bb0 58 API calls 32997->32998 32999 ca1b89 CreateFileA 32998->32999 33000 ca1bb6 _memset 32999->33000 33000->32750 33219 cba481 58 API calls 2 library calls 33001->33219 33003 cba5bf 33003->32751 33005 ca83b6 33004->33005 33006 cb94dd _Allocate 59 API calls 33005->33006 33008 ca83e8 33006->33008 33007 ca846e GetComputerNameA 33009 ca848a 33007->33009 33017 ca84e7 33007->33017 33008->33007 33011 cb8900 58 API calls 33009->33011 33010 cb8900 58 API calls 33012 ca851a 33010->33012 33013 ca8496 33011->33013 33014 ca5bb0 58 API calls 33012->33014 33015 ca5bb0 58 API calls 33013->33015 33016 ca857d 33014->33016 33015->33017 33018 cade40 59 API calls 33016->33018 33017->33010 33019 ca8598 33018->33019 33220 c9cd60 33019->33220 33021 ca85a2 _memset 33230 c9e7a0 33021->33230 33026 c9cd60 59 API calls 33027 ca88ae 33026->33027 33028 c9cfc0 59 API calls 33027->33028 33029 ca891f 33028->33029 33030 c9cd60 59 API calls 33029->33030 33031 ca8929 33030->33031 33032 c9cfc0 59 API calls 
33031->33032 33033 ca89f4 33032->33033 33034 c9cd60 59 API calls 33033->33034 33035 ca89fe 33034->33035 33036 c9cfc0 59 API calls 33035->33036 33037 ca8a0d 33036->33037 33038 c9cd60 59 API calls 33037->33038 33039 ca8a17 33038->33039 33040 c9cfc0 59 API calls 33039->33040 33041 ca8a39 33040->33041 33042 c9cd60 59 API calls 33041->33042 33043 ca8a8d 33042->33043 33044 cb8900 58 API calls 33043->33044 33045 ca8a99 33044->33045 33046 c9cfc0 59 API calls 33045->33046 33047 ca8aab 33046->33047 33048 ca5bb0 58 API calls 33047->33048 33049 ca8aed 33048->33049 33050 c9cd60 59 API calls 33049->33050 33051 ca8afa 33050->33051 33052 c9cfc0 59 API calls 33051->33052 33053 ca8b09 33052->33053 33054 c9cd60 59 API calls 33053->33054 33055 ca8b13 33054->33055 33056 c9cfc0 59 API calls 33055->33056 33057 ca8bf3 33056->33057 33058 c9cd60 59 API calls 33057->33058 33059 ca8bfd 33058->33059 33274 c9c910 33059->33274 33061 ca8c17 33062 c9cfc0 59 API calls 33061->33062 33063 ca8c3e 33062->33063 33280 c92510 33063->33280 33065 ca8c94 allocator 33312 cb57c0 33065->33312 33067 ca8ccf 33316 cac870 33067->33316 33069 ca8ced _memset codecvt 33069->32756 33390 cba78f GetSystemTimeAsFileTime 33070->33390 33072 cb8e8c 33072->32771 33074 ca9f15 CreateToolhelp32Snapshot 33073->33074 33076 caa253 _memset 33074->33076 33077 caa020 Process32First 33074->33077 33076->32819 33080 caa056 33077->33080 33078 caa214 CloseHandle 33078->33076 33079 ce5f2b 63 API calls 33079->33080 33080->33078 33080->33079 33081 caa1c3 Process32Next 33080->33081 33082 caa113 33080->33082 33081->33080 33082->33078 33392 cbad83 33083->33392 33085 cb3d88 33085->32846 33087 c9228e 33086->33087 33088 c922a8 33087->33088 33090 ca67c0 64 API calls 33087->33090 33089 cb8900 58 API calls 33088->33089 33091 c922b9 33089->33091 33090->33088 33092 cbae47 126 API calls 33091->33092 33093 c922cc 33092->33093 33094 ca5bb0 58 API calls 33093->33094 33095 c922dd 33094->33095 33096 c92333 33095->33096 33097 c922f5 Sleep 33095->33097 33098 
APIs
• _malloc.LIBCMT ref: 00CAECF9
• _memset.LIBCMT ref: 00CAED7D
• GetModuleHandleA.KERNEL32(?), ref: 00CAEF7A
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF009
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF0CA
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF194
  • Part of subcall function 00CB8900: _malloc.LIBCMT ref: 00CB897B
  • Part of subcall function 00CA5BB0: _memset.LIBCMT ref: 00CA5C01
  • Part of subcall function 00CA5BB0: _free.LIBCMT ref: 00CA5C43
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF2E2
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF320
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF35E
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF39C
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF3DA
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF418
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF47E
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF4F9
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF57A
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF670
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF6AF
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF77F
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF7FC
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF853
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAF9FD
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAFA3C
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAFA7B
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAFAD8
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAFB4E
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAFBE8
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAFC27
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAFCA7
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAFCE5
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAFD53
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAFD91
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAFDCF
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAFE4A
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAFE89
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAFEC8
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAFF70
• GetProcAddress.KERNEL32(74DD0000,?), ref: 00CAFFAE
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0013
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0051
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB00B9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB00F7
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB024B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB028A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB02D5
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0314
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0353
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB03BC
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB041D
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB04E0
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB054B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB065A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0699
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0790
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB07D9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0838
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0877
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB08E6
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0925
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0964
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB09D3
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0AE9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0BD4
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0C52
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0CD9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0D2B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0D6A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0E21
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 00CB0EA6
                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?), ref: 00CB0EF6
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 00CB0F92
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00CB0FEE
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00CB102D
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00CB10E2
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00CB1131
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00CB118A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00CB11C9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00CB1208
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00CB12B9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00CB12F8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00CB14DB
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00CB15E0
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00CB1634
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00CB1673
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00CB16B2
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00CB1730
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00CB176E
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 00CB17E5
                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?), ref: 00CB18B9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB18F8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB1990
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB19CF
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB1A26
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB1A89
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB1AD8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB1B3B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB1BAA
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB1C18
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB1D36
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB1D75
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB1DB4
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB1DF3
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB1E32
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB1E89
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB1EF0
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB1FA7
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB201D
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB205B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB2118
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB2175
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB21B4
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB21F3
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB2232
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CB2299
  • Part of subcall function 00C97DE0: GetSystemTime.KERNEL32(?,?,?,?,?,?,00C974FC), ref: 00C97E5C
  • Part of subcall function 00C97DE0: GetTickCount.KERNEL32 ref: 00C97EEF
• GetEnvironmentVariableA.KERNEL32(?,C:\Windows\system32\config\systemprofile,00000104), ref: 00CB233E
• CreateMutexA.KERNELBASE(00000000,00000000,00000000), ref: 00CB2391
• CreateMutexA.KERNELBASE(00000000,00000000,00000000), ref: 00CB23AC
• CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 00CB23BD
  • Part of subcall function 00CB94DD: _malloc.LIBCMT ref: 00CB94F5
• GetTickCount.KERNEL32 ref: 00CB2543
• __itow.LIBCMT ref: 00CB254A
  • Part of subcall function 00CAACD0: GetVersionExA.KERNEL32(00CF6DB8), ref: 00CAAD42
  • Part of subcall function 00CAACD0: CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 00CAAE1E
• __stat32i64.LIBCMT ref: 00CB2A37
  • Part of subcall function 00CBA7E0: ___copy_path_to_wide_string.LIBCMT ref: 00CBA7F5
• Sleep.KERNEL32(00000D05), ref: 00CB2A7E
• __stat32i64.LIBCMT ref: 00CB2A92
  • Part of subcall function 00CBA7E0: __wstat64i32.LIBCMT ref: 00CBA80D
  • Part of subcall function 00CBA7E0: _free.LIBCMT ref: 00CBA817
• Sleep.KERNEL32(000007D0), ref: 00CB2C44
• __stat32i64.LIBCMT ref: 00CB2C57
• GetModuleFileNameA.KERNEL32(00000000,?,00000200), ref: 00CB2C8C
• SetFileAttributesA.KERNEL32(00000000,00000080), ref: 00CB2C9B
• CopyFileA.KERNEL32(?,00000000,00000000), ref: 00CB2CE0
• SetFileAttributesA.KERNEL32(00000000,00000002), ref: 00CB2F2B
• SetFileAttributesA.KERNEL32(00000000,00000080), ref: 00CB2F3C
• Sleep.KERNEL32(000003E8), ref: 00CB302E
• GetCommandLineA.KERNEL32 ref: 00CB3071
• GetModuleFileNameA.KERNEL32(00000000,00000000,00000200), ref: 00CB313E
• LoadLibraryA.KERNEL32(?), ref: 00CB3379
• GetProcAddress.KERNEL32(?,?), ref: 00CB33B9
• WSAStartup.WS2_32(00000202,?), ref: 00CB3912
  • Part of subcall function 00CA1CE0: _strstr.LIBCMT ref: 00CA1CEB
• CloseHandle.KERNEL32(0000011C), ref: 00CB3AA1
• SetFileAttributesA.KERNEL32(?,00000080), ref: 00CB3AB3
• CopyFileA.KERNEL32(00000000,?,00000000), ref: 00CB3AC9
• SetFileAttributesA.KERNEL32(?,00000002), ref: 00CB3AE0
• Sleep.KERNEL32(000003E8), ref: 00CB3B3C
  • Part of subcall function 00CA4900: _memset.LIBCMT ref: 00CA4A25
• Sleep.KERNEL32(000007D0), ref: 00CB3BD1
  • Part of subcall function 00CBAE47: __fsopen.LIBCMT ref: 00CBAE52
  • Part of subcall function 00C92240: Sleep.KERNEL32(000003E8,?,?,?,?,?,?,00C9763B,?), ref: 00C922FA
• SetFileAttributesA.KERNELBASE(C:\bamqdjw\czmruiag.exe,00000080), ref: 00CB3BE3
• CopyFileA.KERNEL32(00000000,C:\bamqdjw\czmruiag.exe,00000000), ref: 00CB3BF7
• SetFileAttributesA.KERNELBASE(C:\bamqdjw\czmruiag.exe,00000002), ref: 00CB3C44
  • Part of subcall function 00CA6E60: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00CA6EEE
  • Part of subcall function 00CA6E60: Process32First.KERNEL32(00000000,00000128), ref: 00CA6F71
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 00CB3E23
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CB3EF4
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CB3F0A
                                                                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,Function_00007390,00000000,00000000,00000000), ref: 00CB3F21
                                                                                                                                                                                                                • Sleep.KERNEL32(0000C350), ref: 00CB3F63
                                                                                                                                                                                                                • GetCommandLineA.KERNEL32 ref: 00CB263F
                                                                                                                                                                                                                  • Part of subcall function 00CBA5B0: _doexit.LIBCMT ref: 00CBA5BA
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$File$AttributesSleep$Create$_memset$LibraryLoad$CopyModuleMutex__stat32i64_malloc$CommandCountHandleLineNameTick_free$CloseDirectoryEnvironmentFirstProcess32SnapshotStartupSystemThreadTimeToolhelp32VariableVersion___copy_path_to_wide_string__fsopen__itow__snprintf__wstat64i32_doexit_strstr
                                                                                                                                                                                                                • String ID: C:\Windows\system32\config\systemprofile$C:\bamqdjw\czmruiag.exe$ulazkbbwltmi "c:\bamqdjw\erewpegtq.exe"
                                                                                                                                                                                                                • API String ID: 3228906957-2524360930
                                                                                                                                                                                                                • Opcode ID: 55f144d32b2cef55aef166e04bae6e80a391d327fa4a4ae0b0a950ac1bae0782
                                                                                                                                                                                                                • Instruction ID: fb3718246b67eec23c488149b0a91d82bd84f83c7573ab558aba6b8933082765
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 55f144d32b2cef55aef166e04bae6e80a391d327fa4a4ae0b0a950ac1bae0782
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83A39DB1D00A489FD712CF74EC91BBDBB75BF49345F008259E709AA261EB712984CF52

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00CB8900: _malloc.LIBCMT ref: 00CB897B
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 00C9E86C
                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?), ref: 00C9E8C8
                                                                                                                                                                                                                  • Part of subcall function 00CA5BB0: _memset.LIBCMT ref: 00CA5C01
                                                                                                                                                                                                                  • Part of subcall function 00CA5BB0: _free.LIBCMT ref: 00CA5C43
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00C9E9D5
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00C9E9F6
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,00000288), ref: 00C9EA2D
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00C9EA40
                                                                                                                                                                                                                • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 00C9EA55
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00C9EA7B
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,00000288), ref: 00C9EA8B
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00C9EA9E
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FreeHeapLibrary$Alloc$AdaptersAddressInfoLoadProcProcess_free_malloc_memset
                                                                                                                                                                                                                • String ID: o
                                                                                                                                                                                                                • API String ID: 1543936905-252678980
                                                                                                                                                                                                                • Opcode ID: 92a00d3db66118d046daaafa3ee06f63cf80a525430e457dac745831fc5b6abe
                                                                                                                                                                                                                • Instruction ID: 8d9f2d88b4a069d2c9be9c4c879788b8791f2a0bc499cb2b0aa7771c98e778d6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92a00d3db66118d046daaafa3ee06f63cf80a525430e457dac745831fc5b6abe
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3E425871D00A48DFCB06CFB9E894BADBBB1BF59304F148259E605BB261E7306985CF52

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CA6898
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 00CA68CD
                                                                                                                                                                                                                • CryptAcquireContextA.ADVAPI32(00CF75B0,00000000,00000000,00000001,00000000,?,?,?,?,?,?,?,?,?), ref: 00CA692D
                                                                                                                                                                                                                • CryptGenRandom.ADVAPI32(00000000,00000004,00C922A8,?,?,?,?,?,?,?,?,?,?,?,?,00C922A8), ref: 00CA69A8
                                                                                                                                                                                                                • _rand.LIBCMT ref: 00CA69C9
                                                                                                                                                                                                                • _rand.LIBCMT ref: 00CA69D1
                                                                                                                                                                                                                • _rand.LIBCMT ref: 00CA6A2E
                                                                                                                                                                                                                • _rand.LIBCMT ref: 00CA6A36
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _rand$AddressCryptProc$AcquireContextRandom
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3501257216-0
                                                                                                                                                                                                                • Opcode ID: 13827038857effc63ef82136b442e555c97f8c0695d67c90c2aa9cf4ab0f3b8c
                                                                                                                                                                                                                • Instruction ID: abc29b79d25f5b0ed2b313f7afe9d3f52d8363081913919019eedbaf9d5c66aa
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 13827038857effc63ef82136b442e555c97f8c0695d67c90c2aa9cf4ab0f3b8c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5919DB2900E048FC706CF78EC4577DBBB5BB89345F048319E705AB2A1EB716485CB56

APIs
• Sleep.KERNELBASE(000003E8), ref: 00CA1037
Memory Dump Source
• Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
APIs
• StartServiceCtrlDispatcherA.ADVAPI32(?), ref: 00CAD685
Memory Dump Source
• Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
Similarity
• API ID: CtrlDispatcherServiceStart
• String ID:
• API String ID: 3789849863-0

APIs
• GetVersionExA.KERNEL32(00CF6DB8), ref: 00CAAD42
  • Part of subcall function 00C9A200: AllocateAndInitializeSid.ADVAPI32(00000000,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00C9A311
  • Part of subcall function 00C9A200: CheckTokenMembership.KERNELBASE(00000000,?,00000000), ref: 00C9A349
  • Part of subcall function 00C96CA0: GetProcAddress.KERNEL32(74DD0000,?), ref: 00C96CE8
  • Part of subcall function 00C96CA0: GetCurrentProcess.KERNEL32(00000000), ref: 00C96D82
• CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 00CAAE1E
• DeleteFileA.KERNELBASE(00000000,?,?,?,?,?,?), ref: 00CAB079
• RemoveDirectoryA.KERNELBASE(00000000,?,?,?,?,?,?), ref: 00CAB0D8
  • Part of subcall function 00C9E620: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00C9E679
• CreateDirectoryA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?), ref: 00CAB200
• CreateDirectoryA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,?), ref: 00CAB275
  • Part of subcall function 00CA5BB0: _memset.LIBCMT ref: 00CA5C01
  • Part of subcall function 00CA5BB0: _free.LIBCMT ref: 00CA5C43
• __snprintf.LIBCMT ref: 00CAB516
• __snprintf.LIBCMT ref: 00CAB55E
• CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00CAB624
• CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00CAB692
• GetTempPathA.KERNEL32(00000104,00000000,?,?,?,?,?,?), ref: 00CAB7D5
• CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?), ref: 00CAB8FB
  • Part of subcall function 00CB8900: _malloc.LIBCMT ref: 00CB897B
  • Part of subcall function 00CA4360: CreateFileA.KERNELBASE(00000002,40000000,00000000,00000000,00000002,00000000,00000000,00000000,?,?,?,?,?,?,00001000), ref: 00CA4409
• GetTempPathA.KERNEL32(00000104,00000000,?,?,?,?,?,?), ref: 00CABA2E
• SetFileAttributesA.KERNELBASE(00000000,00000002,?,?,?,?,?,?,?), ref: 00CABBEE
• _memset.LIBCMT ref: 00CABCFC
Strings
Memory Dump Source
• Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
Similarity
• API ID: Directory$Create$File$PathTemp__snprintf_memset$AddressAllocateAttributesCheckCurrentDeleteInitializeMembershipProcProcessRemoveTokenVersionWindows_free_malloc
• String ID: C:\Windows\system32\config\systemprofile$\
• API String ID: 3801090003-3206176487

APIs
Memory Dump Source
• Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
Similarity
• API ID: __amsg_exit_fast_error_exit$___crt$CommandEnvironmentInfoInitializeLineModeShowStartupStringsWindow___security_init_cookie__cinit__ioinit__setargv__setenvp__wincmdln
• String ID:
• API String ID: 722230336-0
                                                                                                                                                                                                                • Opcode ID: 6c55ba77f48671b679285f8478f9e836e2c7b5cd27957cb9d606a7182a452543
                                                                                                                                                                                                                • Instruction ID: 8e4b9662a00be742f809805d04109496e321d685b62c83527298140d856e2e68
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6c55ba77f48671b679285f8478f9e836e2c7b5cd27957cb9d606a7182a452543
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4821C42164435599EB207BF4DC8BFFD22646F10B15F24416EFA089A1D3EEB4CA81B253

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00CB8E80: __time64.LIBCMT ref: 00CB8E87
                                                                                                                                                                                                                  • Part of subcall function 00CB8900: _malloc.LIBCMT ref: 00CB897B
                                                                                                                                                                                                                  • Part of subcall function 00CA5BB0: _memset.LIBCMT ref: 00CA5C01
                                                                                                                                                                                                                  • Part of subcall function 00CA5BB0: _free.LIBCMT ref: 00CA5C43
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 00C9ADAE
                                                                                                                                                                                                                • socket.WS2_32(00000002,00000001,00000006), ref: 00C9AF5F
                                                                                                                                                                                                                • setsockopt.WS2_32(000000FF,0000FFFF,00001006,00000000,00000004), ref: 00C9AF95
                                                                                                                                                                                                                • gethostbyname.WS2_32(?), ref: 00C9AFA2
                                                                                                                                                                                                                • inet_ntoa.WS2_32(00000000), ref: 00C9AFEE
                                                                                                                                                                                                                • inet_addr.WS2_32(00000000), ref: 00C9AFF5
                                                                                                                                                                                                                • htons.WS2_32(00000050), ref: 00C9B003
                                                                                                                                                                                                                • connect.WS2_32(000000FF,?,00000010), ref: 00C9B01D
                                                                                                                                                                                                                • send.WS2_32(000000FF,00000000,00000000,00000000), ref: 00C9B089
                                                                                                                                                                                                                • recv.WS2_32(000000FF,?,00000400,00000000), ref: 00C9B139
                                                                                                                                                                                                                • closesocket.WS2_32(000000FF), ref: 00C9B3D1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __snprintf__time64_free_malloc_memsetclosesocketconnectgethostbynamehtonsinet_addrinet_ntoarecvsendsetsockoptsocket
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4080495170-0
                                                                                                                                                                                                                • Opcode ID: 02159a312feab88f798ab0f6f946eb5570c3f81aad34bdfcd97b8aafe9140f57
                                                                                                                                                                                                                • Instruction ID: 4f674dd957bf8fa1d1744edfc8135ea8728e69be06116f94fd3037ada90a3b09
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 02159a312feab88f798ab0f6f946eb5570c3f81aad34bdfcd97b8aafe9140f57
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7826A71C00E499FCB06CFB4EC91BADB775BF89344F108249E6067A2A1EB706985DF52

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegisterServiceCtrlHandlerA.ADVAPI32(014AF3B0,Function_00015800), ref: 00CA7C94
                                                                                                                                                                                                                • SetServiceStatus.SECHOST(014B6AE0,00CF7070), ref: 00CA7CC2
                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00CA7CD0
                                                                                                                                                                                                                • SetServiceStatus.ADVAPI32(014B6AE0,00CF7070), ref: 00CA7D1E
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000210,00001388), ref: 00CA7D2F
                                                                                                                                                                                                                • SetServiceStatus.ADVAPI32(014B6AE0,00CF7070), ref: 00CA7D61
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000210), ref: 00CA7D6D
                                                                                                                                                                                                                • SetServiceStatus.ADVAPI32(014B6AE0,00CF7070), ref: 00CA7DBB
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Service$Status$CloseCreateCtrlEventHandleHandlerObjectRegisterSingleWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3399922960-0
                                                                                                                                                                                                                • Opcode ID: 180feeaa8243059334148ca80c75433ba84f5f6cb0fc6e346924714d48098706
                                                                                                                                                                                                                • Instruction ID: 56380bf0c14441ecbcfd72e734667b2e9d59f0bb8f7c632284e1afab61dffe12
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 180feeaa8243059334148ca80c75433ba84f5f6cb0fc6e346924714d48098706
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B44103B1508B009FD305CF34FCA9B7E7BB9BB48744F408309E602962B0DBB9548ADB46

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CountSystemTickTime_malloc
                                                                                                                                                                                                                • String ID: C:\bamqdjw\czmruiag.exe$Z$ulazkbbwltmi "c:\bamqdjw\erewpegtq.exe"
                                                                                                                                                                                                                • API String ID: 3770554779-2861834451
                                                                                                                                                                                                                • Opcode ID: 0d7cd7d252ea47d970737cac48136aea5cda47d3eebd1575e68bde5efd385a4c
                                                                                                                                                                                                                • Instruction ID: b4b00b573e242a7a82dc561527c3ba56611fe2ac876eadfca01f48547c2da807
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0d7cd7d252ea47d970737cac48136aea5cda47d3eebd1575e68bde5efd385a4c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 84128C71C10A489FCB06DFB4EC91BADB775BF59340F108259E60677261EB706A84CF52

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • Sleep.KERNELBASE(000008AE), ref: 00C97A4D
                                                                                                                                                                                                                  • Part of subcall function 00CB8900: _malloc.LIBCMT ref: 00CB897B
                                                                                                                                                                                                                  • Part of subcall function 00CA5BB0: _memset.LIBCMT ref: 00CA5C01
                                                                                                                                                                                                                  • Part of subcall function 00CA5BB0: _free.LIBCMT ref: 00CA5C43
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00C979B3
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset$Sleep_free_malloc
                                                                                                                                                                                                                • String ID: C:\bamqdjw\czmruiag.exe$Z$ulazkbbwltmi "c:\bamqdjw\erewpegtq.exe"

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1641 ca7e90-ca7f58 call cbecc0 CreateProcessA 1644 ca7f5a-ca7fa0 CloseHandle * 2 1641->1644 1645 ca7fa5-ca7fa8 1641->1645 1644->1645
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CA7EFC
                                                                                                                                                                                                                • CreateProcessA.KERNELBASE(?,00C97AC8,00000000,00000000,00000000,00000008,00000000,00000000,00000044,?), ref: 00CA7F50
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00C97AC8), ref: 00CA7F5E
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00CA7F68
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandle$CreateProcess_memset
                                                                                                                                                                                                                • String ID: D

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1646 ca9ee0-ca9f13 1647 ca9f58-ca9f7c 1646->1647 1648 ca9f15-ca9f52 1646->1648 1649 ca9fb8-ca9fc8 1647->1649 1650 ca9f7e-ca9fb6 1647->1650 1648->1647 1651 ca9fd0-caa01a CreateToolhelp32Snapshot 1649->1651 1650->1651 1652 caa253-caa279 call cbecc0 1651->1652 1653 caa020-caa053 Process32First 1651->1653 1654 caa056-caa05a 1653->1654 1657 caa060-caa075 1654->1657 1658 caa214-caa24b CloseHandle 1654->1658 1659 caa078-caa09e 1657->1659 1658->1652 1659->1659 1660 caa0a0-caa0bb call ce5f2b 1659->1660 1663 caa0be-caa0cb 1660->1663 1664 caa0fb-caa100 1663->1664 1665 caa0cd-caa0d1 1663->1665 1668 caa103-caa10d 1664->1668 1666 caa0f2-caa0f9 1665->1666 1667 caa0d3-caa0e2 1665->1667 1666->1668 1667->1664 1669 caa0e4-caa0f0 1667->1669 1670 caa1c3-caa20f Process32Next 1668->1670 1671 caa113-caa164 1668->1671 1669->1663 1669->1666 1670->1654 1672 caa1c1 1671->1672 1673 caa166-caa1ab 1671->1673 1672->1658 1673->1672 1674 caa1ad-caa1ba 1673->1674 1674->1672
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00CAA00D
                                                                                                                                                                                                                • Process32First.KERNEL32(00000000,00000128), ref: 00CAA04D
                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,00000128), ref: 00CAA206
                                                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 00CAA218
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CAA261
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memset

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1675 ca8370-ca83b4 1676 ca83ce-ca83f2 call c9bb10 call c9d580 call cb94dd 1675->1676 1677 ca83b6-ca83c6 1675->1677 1684 ca8401 1676->1684 1685 ca83f4-ca83ff call ca0c90 1676->1685 1677->1676 1687 ca8408-ca8450 1684->1687 1685->1687 1689 ca846e-ca8488 GetComputerNameA 1687->1689 1690 ca8452-ca8454 1687->1690 1692 ca84ea-ca8544 call cb8900 1689->1692 1693 ca848a-ca84ae call cb8900 1689->1693 1690->1689 1691 ca8456-ca8466 1690->1691 1691->1689 1698 ca854a-ca8570 1692->1698 1699 ca84b4-ca84da 1693->1699 1698->1698 1700 ca8572-ca8616 call ca5bb0 call cade40 call c9cd60 1698->1700 1699->1699 1701 ca84dc-ca84e7 call ca5bb0 1699->1701 1710 ca8628-ca8646 1700->1710 1711 ca8618-ca8620 1700->1711 1701->1692 1712 ca864c-ca8672 1710->1712 1711->1710 1712->1712 1713 ca8674-ca8692 1712->1713 1714 ca8695-ca86a5 1713->1714 1714->1714 1715 ca86a7-ca86c2 1714->1715 1716 ca86c5-ca86d6 1715->1716 1716->1716 1717 ca86d8-ca8746 1716->1717 1718 ca874c-ca8778 1717->1718 1719 ca8831-ca8865 call cbecc0 call c9e7a0 1717->1719 1720 ca877a-ca87c4 1718->1720 1721 ca87c6-ca882b 1718->1721 1726 ca8868-ca8878 1719->1726 1720->1719 1721->1719 1726->1726 1727 ca887a-ca8969 call c9cfc0 call c9cd60 call c9cfc0 call c9cd60 1726->1727 1736 ca896b-ca899d 1727->1736 1737 ca899f-ca89de 1727->1737 1738 ca89e6-ca8ba3 call c9cfc0 call c9cd60 call c9cfc0 call c9cd60 call c9cfc0 call c9cd60 call cb8900 call c9cfc0 call ca5bb0 call c9cd60 call c9cfc0 call c9cd60 1736->1738 1737->1738 1763 ca8be4-ca8d60 call c9cfc0 call c9cd60 call c9c910 call c999b0 call c9cfc0 call ca5770 call ca0d00 call ca0a50 call c92510 call c97f80 call cb3fd0 call c9a460 call cb57c0 call ca5980 call cac870 call cbecc0 call ca0810 call ca7290 1738->1763 1764 ca8ba5-ca8bde 1738->1764 1764->1763
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetComputerNameA.KERNEL32(?,00000010), ref: 00CA8480
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CA883F
                                                                                                                                                                                                                  • Part of subcall function 00C9C910: _memset.LIBCMT ref: 00C9C96A
                                                                                                                                                                                                                  • Part of subcall function 00CA5770: _memset.LIBCMT ref: 00CA579A
                                                                                                                                                                                                                  • Part of subcall function 00C92510: __snprintf.LIBCMT ref: 00C9266B
                                                                                                                                                                                                                  • Part of subcall function 00C92510: __snprintf.LIBCMT ref: 00C926AD
                                                                                                                                                                                                                  • Part of subcall function 00CA5980: Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00CA59E9
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CA8D40
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset$__snprintf$Affinity::operator!=ComputerConcurrency::details::HardwareName

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1801 c9a200-c9a28a 1802 c9a28c-c9a2b0 1801->1802 1803 c9a2c2-c9a31e AllocateAndInitializeSid 1801->1803 1802->1803 1804 c9a2b2-c9a2ba 1802->1804 1805 c9a435-c9a437 1803->1805 1806 c9a324-c9a351 CheckTokenMembership 1803->1806 1804->1803 1807 c9a439-c9a449 1805->1807 1808 c9a451-c9a457 1805->1808 1809 c9a402-c9a42f FreeSid 1806->1809 1810 c9a357-c9a39b 1806->1810 1807->1808 1809->1805 1811 c9a39d-c9a3e1 1810->1811 1812 c9a3e3-c9a3f3 1810->1812 1813 c9a3fb 1811->1813 1812->1813 1813->1809
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(00000000,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00C9A311
                                                                                                                                                                                                                • CheckTokenMembership.KERNELBASE(00000000,?,00000000), ref: 00C9A349
                                                                                                                                                                                                                • FreeSid.ADVAPI32(?), ref: 00C9A42F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3429775523-0

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1814 ca4360-ca43df call cbb610 call c91da0 1819 ca43e1-ca43f1 call c96df0 1814->1819 1820 ca43f6-ca4416 CreateFileA 1814->1820 1829 ca4566-ca4569 1819->1829 1822 ca4418-ca4429 call c96df0 1820->1822 1823 ca442e-ca443e 1820->1823 1822->1829 1826 ca4446-ca444d 1823->1826 1827 ca444f-ca4455 1826->1827 1828 ca4457 1826->1828 1831 ca445e-ca4543 call cbe670 call cb4a20 WriteFile 1827->1831 1828->1831 1831->1826 1836 ca4549-ca4559 CloseHandle call c96df0 1831->1836 1838 ca455e-ca4561 1836->1838 1838->1829
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00C91DA0: WaitForSingleObject.KERNEL32(00000114,00004E20,?,?,?,?,00CA686C,00000114,?), ref: 00C91EBC
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00000002,40000000,00000000,00000000,00000002,00000000,00000000,00000000,?,?,?,?,?,?,00001000), ref: 00CA4409
                                                                                                                                                                                                                  • Part of subcall function 00C96DF0: ReleaseMutex.KERNEL32(00CA6B5F,?,00CA6B5F,00000114,?), ref: 00C96E07
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFileMutexObjectReleaseSingleWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1564016613-0

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1839 cb94dd-cb94e3 1840 cb94f2-cb94fd call cba6fd 1839->1840 1843 cb94ff-cb9502 1840->1843 1844 cb94e5-cb94f0 call cbfc1f 1840->1844 1844->1840 1847 cb9503-cb952d call cbf1c4 call cbf37c 1844->1847
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00CB94F5
                                                                                                                                                                                                                  • Part of subcall function 00CBA6FD: __FF_MSGBANNER.LIBCMT ref: 00CBA714
                                                                                                                                                                                                                  • Part of subcall function 00CBA6FD: __NMSG_WRITE.LIBCMT ref: 00CBA71B
                                                                                                                                                                                                                  • Part of subcall function 00CBA6FD: RtlAllocateHeap.NTDLL(014A0000,00000000,00000001,00000000,00000000,00000000,?,00CBFCE1,00000000,00000000,00000000,00000000,?,00CC05F7,00000018,00CF3E08), ref: 00CBA740
                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 00CB9513
                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 00CB9528
                                                                                                                                                                                                                  • Part of subcall function 00CBF37C: RaiseException.KERNEL32(?,?,?,00CF3AD0,?,?,?,?,?,00CB952D,?,00CF3AD0,00000000,00000001), ref: 00CBF3D1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3074076210-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000000,00000000), ref: 00CA1BA2
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CA1BD4
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFile_memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3830271748-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00CC0F5A: __getptd_noexit.LIBCMT ref: 00CC0F5A
                                                                                                                                                                                                                • __lock_file.LIBCMT ref: 00CBAB61
                                                                                                                                                                                                                  • Part of subcall function 00CC3E42: __lock.LIBCMT ref: 00CC3E65
                                                                                                                                                                                                                • __fclose_nolock.LIBCMT ref: 00CBAB6C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LCMapStringEx.KERNELBASE(?,?,?,?,?,5EFC4D8B,00000000,00000000,00000000,?,00CCEAA4,?,?,00000000,?,00000000), ref: 00CCE06A
                                                                                                                                                                                                                • LCMapStringW.KERNEL32(00000000,?,?,?,?,5EFC4D8B,?,00CCEAA4,?,?,00000000,?,00000000,00000000), ref: 00CCE087
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: String
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __fsopen
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,00C9763B,?), ref: 00C922FA
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ___crtGetLocaleInfoA.LIBCMT ref: 00CBFA20
                                                                                                                                                                                                                  • Part of subcall function 00CCDD22: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00CCDD2E
                                                                                                                                                                                                                  • Part of subcall function 00CCDD22: __crtGetLocaleInfoA_stat.LIBCMT ref: 00CCDD43
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00000000), ref: 00CBFA32
                                                                                                                                                                                                                • ___crtGetLocaleInfoA.LIBCMT ref: 00CBFA52
                                                                                                                                                                                                                • ___crtGetLocaleInfoA.LIBCMT ref: 00CBFA94
                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 00CBFA67
                                                                                                                                                                                                                  • Part of subcall function 00CBFC83: __calloc_impl.LIBCMT ref: 00CBFC92
                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 00CBFAA9
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CBFAC1
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CBFB01
                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 00CBFB2B
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CBFB51
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Locale$Info$___crt__calloc_crt_free$A_statErrorLastUpdateUpdate::___calloc_impl__crt
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenSCManagerA.ADVAPI32(00000000,00000000,00000002), ref: 00CA8E53
                                                                                                                                                                                                                • CreateServiceA.ADVAPI32(00000000,014AF3B0,014AF3B0,000F01FF,00000110,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00CA8E94
                                                                                                                                                                                                                • ChangeServiceConfig2A.ADVAPI32(00000000,00000001,?), ref: 00CA8F35
                                                                                                                                                                                                                • StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00CA8F6C
                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00CA8F76
                                                                                                                                                                                                                • OpenServiceA.ADVAPI32(00000000,014AF3B0,00000010), ref: 00CA8FD5
                                                                                                                                                                                                                • StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00CA8FEC
                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00CA8FF6
                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00CA9000
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Service$CloseHandle$OpenStart$ChangeConfig2CreateManager
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3525021261-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenSCManagerA.ADVAPI32(00000000,00000000,80000000), ref: 00CAC644
                                                                                                                                                                                                                • EnumServicesStatusA.ADVAPI32(00000000,00000030,00000003,?,00000024,?,?,00000000), ref: 00CAC6C5
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00CAC6CE
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00CAC70F
                                                                                                                                                                                                                • EnumServicesStatusA.ADVAPI32(00000000,00000030,00000003,00000000,?,?,?,00000000), ref: 00CAC740
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 00CAC7A9
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CAC7EF
                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00CAC7FB
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: EnumServicesStatus$CloseErrorHandleLastManagerOpenService__snprintf_free_malloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3403677689-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _wcscmp.LIBCMT ref: 00CDEE8A
                                                                                                                                                                                                                • _wcscmp.LIBCMT ref: 00CDEE9B
                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,00CDF139,?,00000000), ref: 00CDEEB7
                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,00CDF139,?,00000000), ref: 00CDEEE1
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InfoLocale_wcscmp
                                                                                                                                                                                                                • String ID: ACP$OCP
                                                                                                                                                                                                                • API String ID: 1351282208-711371036
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreatePipe.KERNEL32(00000020,?,0000000C,00000000), ref: 00CA1666
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreatePipe
                                                                                                                                                                                                                • String ID: D
                                                                                                                                                                                                                • API String ID: 2719314638-2746444292
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1503006713-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • DecodePointer.KERNEL32 ref: 00CBA19C
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CBA1B5
                                                                                                                                                                                                                  • Part of subcall function 00CBA688: RtlFreeHeap.NTDLL(00000000,00000000,?,00CC2938,00000000,00CC0F5F,00CCE22D,00000000,?,00CBFC97,?,?,00000000), ref: 00CBA69C
                                                                                                                                                                                                                  • Part of subcall function 00CBA688: GetLastError.KERNEL32(00000000,?,00CC2938,00000000,00CC0F5F,00CCE22D,00000000,?,00CBFC97,?,?,00000000,?,?,?,00CC2A32), ref: 00CBA6AE
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CBA1C8
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CBA1E6
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CBA1F8
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CBA209
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CBA214
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CBA238
                                                                                                                                                                                                                • EncodePointer.KERNEL32(014AF9F0), ref: 00CBA23F
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CBA254
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CBA26A
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CBA292
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3064303923-0
                                                                                                                                                                                                                • Opcode ID: 4d234502ac84b4deeecda77cea3964e9730f2d69cb0835f9692280783b14ce87
                                                                                                                                                                                                                • Instruction ID: 791603eafbfc2826a20a641e1a37e3e997e7934d8d55a44225e92d899b5257eb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4d234502ac84b4deeecda77cea3964e9730f2d69cb0835f9692280783b14ce87
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD219FB29492509FCB255F28FD407AD77B8EB04762F0A022BF99897260CB315D41DB87
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__wsetlocale_nolock_wcscmp
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1077091919-0
                                                                                                                                                                                                                • Opcode ID: 6c27296af4e36b976b194c282cbc25807f59e7397a92f871780b343ed0997a7f
                                                                                                                                                                                                                • Instruction ID: def1ef7c5ae79777a619adc9782bece3b0ce691d51500e85561f4bff115c8c37
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6c27296af4e36b976b194c282cbc25807f59e7397a92f871780b343ed0997a7f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D7410632904309ABDB21AFA8DC42FAD77F1EF04314F20403DF91496292DB759A46EB51
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 00CB9398
                                                                                                                                                                                                                  • Part of subcall function 00CBF19F: std::exception::_Copy_str.LIBCMT ref: 00CBF1B8
                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 00CB93AD
                                                                                                                                                                                                                  • Part of subcall function 00CBF37C: RaiseException.KERNEL32(?,?,?,00CF3AD0,?,?,?,?,?,00CB952D,?,00CF3AD0,00000000,00000001), ref: 00CBF3D1
                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 00CB93C6
                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 00CB93DB
                                                                                                                                                                                                                • std::regex_error::regex_error.LIBCPMT ref: 00CB93ED
                                                                                                                                                                                                                  • Part of subcall function 00CB905C: std::exception::exception.LIBCMT ref: 00CB9076
                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 00CB93FB
                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 00CB9414
                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 00CB9429
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaisestd::exception::_std::regex_error::regex_error
                                                                                                                                                                                                                • String ID: bad function call
                                                                                                                                                                                                                • API String ID: 2464034642-3612616537
                                                                                                                                                                                                                • Opcode ID: 79aaa388e7bb31dbcfcd5167ab8b352f12bada0a883949ea70621a47df1352fb
                                                                                                                                                                                                                • Instruction ID: 557fa2f45122a72d21b1e8f2394fc6c0ce3743bb2ed8b9f9d0027a17d4001b68
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 79aaa388e7bb31dbcfcd5167ab8b352f12bada0a883949ea70621a47df1352fb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1511AA74C0024CBB8F04EFA5C886CDDBBBCEA18344F408566B92497251EB74A74A8B91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00CA5BB0: _memset.LIBCMT ref: 00CA5C01
                                                                                                                                                                                                                  • Part of subcall function 00CA5BB0: _free.LIBCMT ref: 00CA5C43
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 00C9839B
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 00C983FE
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00C98505
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00C9851B
                                                                                                                                                                                                                • Sleep.KERNEL32(00015F90), ref: 00C98528
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 00C98535
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00C98549
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset$File$DeleteModuleNameSleep__snprintf_free
                                                                                                                                                                                                                • String ID: rj3.
                                                                                                                                                                                                                • API String ID: 3733618472-2374996226
                                                                                                                                                                                                                • Opcode ID: 2893cf870747fc1e03e234229a1d00616bdc3747bfd54bffc47d362114ffe875
                                                                                                                                                                                                                • Instruction ID: 904591273630ce46b62c11cf3ecdb8e8b52c6964426fd7800678ce8847ec923d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2893cf870747fc1e03e234229a1d00616bdc3747bfd54bffc47d362114ffe875
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52D1DE71800A089FCB05DBB9EC85BBDB775BF89301F148719E705BB2A1EB716588CB52
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetHandleInformation.KERNEL32(00000000,00000001,00000000), ref: 00CA16CF
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CA16EE
                                                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 00CA1752
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000020,?,00000000), ref: 00CA178D
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00CA181F
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00CA56E4), ref: 00CA1829
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000020), ref: 00CA1833
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00CA1843
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Handle$Close$CreateFileInformationProcessWrite_memset
                                                                                                                                                                                                                • String ID: D
                                                                                                                                                                                                                • API String ID: 3900862288-2746444292
                                                                                                                                                                                                                • Opcode ID: 7403420be91dfdb0df791cfb84f53d1d24ac33ca96a21565b1eaee63851b7d15
                                                                                                                                                                                                                • Instruction ID: 97a7d23f33aca5965a3b6b5236afbed2a3bca9794512a7c56e02ece5b0b573ae
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7403420be91dfdb0df791cfb84f53d1d24ac33ca96a21565b1eaee63851b7d15
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB3127B1E00708EFDB14CFA5DD86BEDBBB5BF88704F108519E605AB290DB746A80CB51
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00C98EF2
                                                                                                                                                                                                                • ReadFile.KERNEL32(000000FF,?,?,?,00000000), ref: 00C98F17
                                                                                                                                                                                                                • CloseHandle.KERNEL32(000000FF), ref: 00C98F35
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00C98F4C
                                                                                                                                                                                                                  • Part of subcall function 00CB8900: _malloc.LIBCMT ref: 00CB897B
                                                                                                                                                                                                                • _sprintf.LIBCMT ref: 00C99145
                                                                                                                                                                                                                • CreateFileA.KERNEL32(00000001,40000000,00000000,00000000,00000002,00000000,00000000), ref: 00C9916E
                                                                                                                                                                                                                • WriteFile.KERNEL32(000000FF,?,?,?,00000000), ref: 00C991DC
                                                                                                                                                                                                                • CloseHandle.KERNEL32(000000FF), ref: 00C991E6
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$CloseCreateHandle$CountReadTickWrite_malloc_sprintf
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3359727986-0
                                                                                                                                                                                                                • Opcode ID: 1a9f12563200eb4e31956d068a5170765c1610927b6967c1c19dd4da9eb794d5
                                                                                                                                                                                                                • Instruction ID: 83c831602db49086066b614417e38353296f72a004119ca722066c4fcd61eb7d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1a9f12563200eb4e31956d068a5170765c1610927b6967c1c19dd4da9eb794d5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 49C16C75D00B489FCB05CFA8D855BAEFBB6BF89300F148209EA05B7351D7716985CB51
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00CA6EEE
                                                                                                                                                                                                                • Process32First.KERNEL32(00000000,00000128), ref: 00CA6F71
                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00CA70A5
                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,000000FF), ref: 00CA70F8
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00CA7102
                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,00000128), ref: 00CA711D
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00CA712F
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CA7143
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32_memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3095088415-0
                                                                                                                                                                                                                • Opcode ID: 21c10965c85c4723cbb32fd0696b2e1cc34481122598ab716bd1db74f83ed611
                                                                                                                                                                                                                • Instruction ID: d00025e8d1c308ecc12a5afcb6a76094619e8638034ab68ee0c79b2621efe9fc
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 21c10965c85c4723cbb32fd0696b2e1cc34481122598ab716bd1db74f83ed611
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1AB15771C00A499EC706CFB8EC917BDFBB5BF8A384F108349D606B6261EB715585CB52
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00CA6094
                                                                                                                                                                                                                • Process32First.KERNEL32(00000000,00000128), ref: 00CA6155
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 00CA620C
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000008,?,00000000), ref: 00CA623A
                                                                                                                                                                                                                • Module32First.KERNEL32(0000000D,00000224), ref: 00CA62A8
                                                                                                                                                                                                                • CloseHandle.KERNEL32(0000000D,0000000A,?,00C9D9E3), ref: 00CA6311
                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,00000128), ref: 00CA632C
                                                                                                                                                                                                                  • Part of subcall function 00CB8900: _malloc.LIBCMT ref: 00CB897B
                                                                                                                                                                                                                  • Part of subcall function 00CA5BB0: _memset.LIBCMT ref: 00CA5C01
                                                                                                                                                                                                                  • Part of subcall function 00CA5BB0: _free.LIBCMT ref: 00CA5C43
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFirstProcess32SnapshotToolhelp32$CloseHandleModule32Next__snprintf_free_malloc_memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2771089087-0
                                                                                                                                                                                                                • Opcode ID: a0bdee5566b8a145cf2d63eb8fc047cd879b9a10bc33eb4bac286cefe26677d8
                                                                                                                                                                                                                • Instruction ID: c13486a868f870fa1b6dde6ad4e2b3c3048bd874a092a905e95e1fed2ce95d9a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a0bdee5566b8a145cf2d63eb8fc047cd879b9a10bc33eb4bac286cefe26677d8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A281CD71900A099FC705CFB8EC91BBDBB75BF49744F008259E709AB261EB705A85CF52
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: #
                                                                                                                                                                                                                • API String ID: 0-1885708031
                                                                                                                                                                                                                • Opcode ID: 1dfae7ffa53ab30f93312da8ebc1a113beb23cc2d9b57aa3cf4e378bee86d0ff
                                                                                                                                                                                                                • Instruction ID: a4e4140e2cbb614e8ef6eb73c46857a27b0ddbc7eb6a3100971b13173d2e5264
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1dfae7ffa53ab30f93312da8ebc1a113beb23cc2d9b57aa3cf4e378bee86d0ff
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CDC1E170D00A49DFCF04CFB8D945BBDB7B2BFA5344F208259E606A72A1E7719A80DB51
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ___unDName.LIBCMT ref: 00CCAFAB
                                                                                                                                                                                                                • _strlen.LIBCMT ref: 00CCAFBE
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00CCAFDA
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00CCAFEC
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00CCAFFD
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CCB046
                                                                                                                                                                                                                  • Part of subcall function 00CC047D: IsProcessorFeaturePresent.KERNEL32(00000017,00CC0451,00000000,?,?,?,?,?,00CC045E,00000000,00000000,00000000,00000000,00000000,00CCC360), ref: 00CC047F
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CCB03F
                                                                                                                                                                                                                  • Part of subcall function 00CBA688: RtlFreeHeap.NTDLL(00000000,00000000,?,00CC2938,00000000,00CC0F5F,00CCE22D,00000000,?,00CBFC97,?,?,00000000), ref: 00CBA69C
                                                                                                                                                                                                                  • Part of subcall function 00CBA688: GetLastError.KERNEL32(00000000,?,00CC2938,00000000,00CC0F5F,00CCE22D,00000000,?,00CBFC97,?,?,00000000,?,?,?,00CC2A32), ref: 00CBA6AE
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free_malloc$ErrorFeatureFreeHeapLastNamePresentProcessor___un__lock_strlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3704956918-0
                                                                                                                                                                                                                • Opcode ID: e81d03b320182fac62ea21e3cb61267b0d8c4f60131e05ea8183fba84634b13d
                                                                                                                                                                                                                • Instruction ID: 738a799b4e3bdfcc13634744ec47096c46f88f063ac33fcaef7c6f5580f59b8b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e81d03b320182fac62ea21e3cb61267b0d8c4f60131e05ea8183fba84634b13d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EE2122F1900706ABDB24ABB4CC46F6BB7A8AF14350F14C12DF8289B282DB74DD41DB91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __init_pointers.LIBCMT ref: 00CC29FA
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: EncodePointer.KERNEL32(00000000,?,00CC29FF,00CBEF28,00CF3DE8,00000014), ref: 00CBA3E2
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: __initp_misc_winsig.LIBCMT ref: 00CBA3FD
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00CC09A3
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00CC09B7
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00CC09CA
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00CC09DD
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00CC09F0
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00CC0A03
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00CC0A16
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00CC0A29
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00CC0A3C
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00CC0A4F
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00CC0A62
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00CC0A75
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00CC0A88
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00CC0A9B
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00CC0AAE
                                                                                                                                                                                                                  • Part of subcall function 00CBA3DF: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00CC0AC1
                                                                                                                                                                                                                • __mtinitlocks.LIBCMT ref: 00CC29FF
                                                                                                                                                                                                                • __mtterm.LIBCMT ref: 00CC2A08
                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 00CC2A2D
                                                                                                                                                                                                                • __initptd.LIBCMT ref: 00CC2A4F
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00CC2A56
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1593083391-0
                                                                                                                                                                                                                • Opcode ID: 88d98a293d2c475ffc4624ae44caba3d07209e7fa2a3ac3e32800147b17aee29
                                                                                                                                                                                                                • Instruction ID: 634897edf90cc3a5c0f94fbb8fd0307048696863169ede7e04b2cc9ae77026b7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 88d98a293d2c475ffc4624ae44caba3d07209e7fa2a3ac3e32800147b17aee29
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A9F090325197519DE638BB74FC03F9A2A849B01730F21062EF5B6D50E1FF11CA41B295
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00CA1F5C
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CA221F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFile_memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3830271748-0
                                                                                                                                                                                                                • Opcode ID: a3910f1c7ffa3cfd79e51e87d16cabf9691a0b187883fd0a77ad9ebc729b82f8
                                                                                                                                                                                                                • Instruction ID: b0ebad9c8e5b3968a16a77569adbcf1cec732f5d148c7a1a88bbb9b2e1334f27
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a3910f1c7ffa3cfd79e51e87d16cabf9691a0b187883fd0a77ad9ebc729b82f8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 04C15572810E498EC706CF7AEC8176DB775BF8A385B148705E7067A1B1EB706588DF42
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free_memset
                                                                                                                                                                                                                • String ID: $
                                                                                                                                                                                                                • API String ID: 287624719-227171996
                                                                                                                                                                                                                • Opcode ID: 4e71dc490fa195630b573629e2d19ab351c54c558b35b9b24400e61898c5a55b
                                                                                                                                                                                                                • Instruction ID: 0297d744080be19e74c26ce8933b563142f0105349f365994c8f91adebcfee66
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4e71dc490fa195630b573629e2d19ab351c54c558b35b9b24400e61898c5a55b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62129F71C00E499FCB05CFA8EC81BADBBB5BF89345F148219E6057B261EB306585DF92
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00CCF8FF
                                                                                                                                                                                                                  • Part of subcall function 00CC050D: __mtinitlocknum.LIBCMT ref: 00CC051F
                                                                                                                                                                                                                  • Part of subcall function 00CC050D: __amsg_exit.LIBCMT ref: 00CC052B
                                                                                                                                                                                                                  • Part of subcall function 00CC050D: EnterCriticalSection.KERNEL32(?,?,00CC2990,0000000D), ref: 00CC0538
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CCF925
                                                                                                                                                                                                                  • Part of subcall function 00CBA688: RtlFreeHeap.NTDLL(00000000,00000000,?,00CC2938,00000000,00CC0F5F,00CCE22D,00000000,?,00CBFC97,?,?,00000000), ref: 00CBA69C
                                                                                                                                                                                                                  • Part of subcall function 00CBA688: GetLastError.KERNEL32(00000000,?,00CC2938,00000000,00CC0F5F,00CCE22D,00000000,?,00CBFC97,?,?,00000000,?,?,?,00CC2A32), ref: 00CBA6AE
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00CCF93E
                                                                                                                                                                                                                • ___removelocaleref.LIBCMT ref: 00CCF94D
                                                                                                                                                                                                                • ___freetlocinfo.LIBCMT ref: 00CCF966
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CCF979
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __lock_free$CriticalEnterErrorFreeHeapLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 626533743-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00CF7440,00000104), ref: 00C99599
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00C9966E
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00C996A4
                                                                                                                                                                                                                • __vfwprintf_p.LIBCMT ref: 00C9975A
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(0000010C), ref: 00C99790
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CountFileModuleMutexNameReleaseTick__vfwprintf_p_memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2753155262-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • std::ios_base::good.LIBCPMTD ref: 00CAA74F
                                                                                                                                                                                                                • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00CAA7A2
                                                                                                                                                                                                                • std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00CAA7B1
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00C97A5E), ref: 00CAA7BE
                                                                                                                                                                                                                • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00CAA828
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Affinity::operator!=Concurrency::details::Hardware$DeleteFileMutex_baseMutex_base::~_std::_std::ios_base::good
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1152012751-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __getenv_helper_nolock.LIBCMT ref: 00CE3BB2
                                                                                                                                                                                                                • _strlen.LIBCMT ref: 00CE3BC0
                                                                                                                                                                                                                  • Part of subcall function 00CC0F5A: __getptd_noexit.LIBCMT ref: 00CC0F5A
                                                                                                                                                                                                                • _strnlen.LIBCMT ref: 00CE3C4B
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00CE3C5C
                                                                                                                                                                                                                • __getenv_helper_nolock.LIBCMT ref: 00CE3C67
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __getenv_helper_nolock$__getptd_noexit__lock_strlen_strnlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2168648987-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00CCE109
                                                                                                                                                                                                                  • Part of subcall function 00CBA6FD: __FF_MSGBANNER.LIBCMT ref: 00CBA714
                                                                                                                                                                                                                  • Part of subcall function 00CBA6FD: __NMSG_WRITE.LIBCMT ref: 00CBA71B
                                                                                                                                                                                                                  • Part of subcall function 00CBA6FD: RtlAllocateHeap.NTDLL(014A0000,00000000,00000001,00000000,00000000,00000000,?,00CBFCE1,00000000,00000000,00000000,00000000,?,00CC05F7,00000018,00CF3E08), ref: 00CBA740
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CCE11C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocateHeap_free_malloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1020059152-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 00C99DBA
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C99DD5
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001000), ref: 00C99DE2
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00C99DF0
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,000000FF), ref: 00C99DFC
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseCreateHandle$EventObjectSingleThreadWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1404307249-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • C:\Windows\system32\config\systemprofile, xrefs: 00C9D90E
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset$__snprintf
                                                                                                                                                                                                                • String ID: C:\Windows\system32\config\systemprofile
                                                                                                                                                                                                                • API String ID: 1922369481-3771762618
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcsnlen
                                                                                                                                                                                                                • String ID: U
                                                                                                                                                                                                                • API String ID: 3628947076-3372436214
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcscmp
                                                                                                                                                                                                                • String ID: ACP$OCP
                                                                                                                                                                                                                • API String ID: 856254489-711371036
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00CB5F63
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00CB5FB4
                                                                                                                                                                                                                  • Part of subcall function 00CBA6FD: __FF_MSGBANNER.LIBCMT ref: 00CBA714
                                                                                                                                                                                                                  • Part of subcall function 00CBA6FD: __NMSG_WRITE.LIBCMT ref: 00CBA71B
                                                                                                                                                                                                                  • Part of subcall function 00CBA6FD: RtlAllocateHeap.NTDLL(014A0000,00000000,00000001,00000000,00000000,00000000,?,00CBFCE1,00000000,00000000,00000000,00000000,?,00CC05F7,00000018,00CF3E08), ref: 00CBA740
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00CB60D6
                                                                                                                                                                                                                • _free.LIBCMT ref: 00CB60E4
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _malloc$AllocateHeap_free_memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3974598690-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AdjustPointer_memmove
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1721217611-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00CD2B2A
                                                                                                                                                                                                                • __isleadbyte_l.LIBCMT ref: 00CD2B58
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00C922CC,E1C11FE1,00BFBBEF,00000000,?,00000000,00000000,?,00CD1629,00C922CC,00BFBBEF,00000003), ref: 00CD2B86
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00C922CC,00000001,00BFBBEF,00000000,?,00000000,00000000,?,00CD1629,00C922CC,00BFBBEF,00000003), ref: 00CD2BBC
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3058430110-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00C93DB2
                                                                                                                                                                                                                  • Part of subcall function 00CBA6FD: __FF_MSGBANNER.LIBCMT ref: 00CBA714
                                                                                                                                                                                                                  • Part of subcall function 00CBA6FD: __NMSG_WRITE.LIBCMT ref: 00CBA71B
                                                                                                                                                                                                                  • Part of subcall function 00CBA6FD: RtlAllocateHeap.NTDLL(014A0000,00000000,00000001,00000000,00000000,00000000,?,00CBFCE1,00000000,00000000,00000000,00000000,?,00CC05F7,00000018,00CF3E08), ref: 00CBA740
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00C93DDA
                                                                                                                                                                                                                • _memset.LIBCMT ref: 00C93E25
                                                                                                                                                                                                                • _free.LIBCMT ref: 00C93E34
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset$AllocateHeap_free_malloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 585861054-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00CC28C0: __getptd_noexit.LIBCMT ref: 00CC28C1
                                                                                                                                                                                                                  • Part of subcall function 00CC28C0: __amsg_exit.LIBCMT ref: 00CC28CE
                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 00CCF9B6
                                                                                                                                                                                                                  • Part of subcall function 00CBFC83: __calloc_impl.LIBCMT ref: 00CBFC92
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00CCF9EC
                                                                                                                                                                                                                • ___addlocaleref.LIBCMT ref: 00CCF9F8
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00CCFA0C
                                                                                                                                                                                                                  • Part of subcall function 00CC0F5A: __getptd_noexit.LIBCMT ref: 00CC0F5A
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __getptd_noexit__lock$___addlocaleref__amsg_exit__calloc_crt__calloc_impl
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2580527540-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3016257755-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ___BuildCatchObject.LIBCMT ref: 00CCCBCB
                                                                                                                                                                                                                  • Part of subcall function 00CCD2C0: ___AdjustPointer.LIBCMT ref: 00CCD309
                                                                                                                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 00CCCBE2
                                                                                                                                                                                                                • ___FrameUnwindToState.LIBCMT ref: 00CCCBF4
                                                                                                                                                                                                                • CallCatchBlock.LIBCMT ref: 00CCCC18
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2633735394-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000002.00000002.2454696104.0000000000C91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000002.00000002.2454681111.0000000000C90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454756784.0000000000CE7000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF5000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454776498.0000000000CF9000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2454805046.0000000000CFA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_c90000_erewpegtq.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memcmp
                                                                                                                                                                                                                • String ID: #
                                                                                                                                                                                                                • API String ID: 2931989736-1885708031
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00CA181F
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00CA56E4), ref: 00CA1829
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000020), ref: 00CA1833
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00CA1843
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2962429428-0

                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                Execution Coverage:7.2%
                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                Total number of Nodes:1280
                                                                                                                                                                                                                Total number of Limit Nodes:67
195bb0 58 API calls 32110->32111 32112 19fe39 GetProcAddress 32111->32112 32113 1a8900 58 API calls 32112->32113 32114 19fe61 32113->32114 32115 195bb0 58 API calls 32114->32115 32116 19fe78 GetProcAddress 32115->32116 32117 1a8900 58 API calls 32116->32117 32118 19fea0 32117->32118 32119 195bb0 58 API calls 32118->32119 32120 19feb7 GetProcAddress 32119->32120 32121 1a8900 58 API calls 32120->32121 32122 19ff1d 32121->32122 32123 195bb0 58 API calls 32122->32123 32124 19ff34 GetProcAddress 32123->32124 32125 1a8900 58 API calls 32124->32125 32126 19ff87 32125->32126 32127 195bb0 58 API calls 32126->32127 32128 19ff9e GetProcAddress 32127->32128 32129 1a8900 58 API calls 32128->32129 32130 19ffec 32129->32130 32131 195bb0 58 API calls 32130->32131 32132 1a0003 GetProcAddress 32131->32132 32133 1a8900 58 API calls 32132->32133 32134 1a002a 32133->32134 32135 195bb0 58 API calls 32134->32135 32136 1a0041 GetProcAddress 32135->32136 32137 1a8900 58 API calls 32136->32137 32138 1a0068 32137->32138 32139 195bb0 58 API calls 32138->32139 32140 1a00a9 GetProcAddress 32139->32140 32141 1a8900 58 API calls 32140->32141 32142 1a00d0 32141->32142 32143 195bb0 58 API calls 32142->32143 32144 1a00e7 GetProcAddress 32143->32144 32145 1a8900 58 API calls 32144->32145 32146 1a010e 32145->32146 32147 195bb0 58 API calls 32146->32147 32148 1a0125 GetProcAddress 32147->32148 32150 1a8900 58 API calls 32148->32150 32151 1a0262 32150->32151 32152 195bb0 58 API calls 32151->32152 32153 1a0279 GetProcAddress 32152->32153 32154 1a8900 58 API calls 32153->32154 32155 1a02ad 32154->32155 32156 195bb0 58 API calls 32155->32156 32157 1a02c4 GetProcAddress 32156->32157 32158 1a8900 58 API calls 32157->32158 32159 1a02ec 32158->32159 32160 195bb0 58 API calls 32159->32160 32161 1a0303 GetProcAddress 32160->32161 32162 1a8900 58 API calls 32161->32162 32163 1a032b 32162->32163 32164 195bb0 58 API calls 32163->32164 32165 1a0342 GetProcAddress 32164->32165 32166 1a8900 58 API calls 32165->32166 
32167 1a036a 32166->32167 32168 195bb0 58 API calls 32167->32168 32169 1a0381 GetProcAddress 32168->32169 32170 1a8900 58 API calls 32169->32170 32171 1a03d3 32170->32171 32172 195bb0 58 API calls 32171->32172 32173 1a040c GetProcAddress 32172->32173 32174 1a044d 32173->32174 32175 1a8900 58 API calls 32174->32175 32176 1a04b8 32175->32176 32177 195bb0 58 API calls 32176->32177 32178 1a04cf GetProcAddress 32177->32178 32179 1a8900 58 API calls 32178->32179 32180 1a04f7 32179->32180 32181 195bb0 58 API calls 32180->32181 32182 1a050e GetProcAddress 32181->32182 32183 1a0581 32182->32183 32184 1a8900 58 API calls 32183->32184 32185 1a05bd 32184->32185 32186 195bb0 58 API calls 32185->32186 32187 1a0619 GetProcAddress 32186->32187 32188 1a8900 58 API calls 32187->32188 32189 1a0671 32188->32189 32190 195bb0 58 API calls 32189->32190 32191 1a0688 GetProcAddress 32190->32191 32192 1a8900 58 API calls 32191->32192 32193 1a06b0 32192->32193 32194 195bb0 58 API calls 32193->32194 32195 1a077f GetProcAddress 32194->32195 32196 1a8900 58 API calls 32195->32196 32197 1a07a7 32196->32197 32198 195bb0 58 API calls 32197->32198 32199 1a07be GetProcAddress 32198->32199 32200 1a8900 58 API calls 32199->32200 32201 1a07f0 32200->32201 32202 195bb0 58 API calls 32201->32202 32203 1a0827 GetProcAddress 32202->32203 32204 1a8900 58 API calls 32203->32204 32205 1a084f 32204->32205 32206 195bb0 58 API calls 32205->32206 32207 1a0866 GetProcAddress 32206->32207 32208 1a8900 58 API calls 32207->32208 32209 1a088e 32208->32209 32210 195bb0 58 API calls 32209->32210 32211 1a08d5 GetProcAddress 32210->32211 32212 1a8900 58 API calls 32211->32212 32213 1a08fd 32212->32213 32214 195bb0 58 API calls 32213->32214 32215 1a0914 GetProcAddress 32214->32215 32216 1a8900 58 API calls 32215->32216 32217 1a093c 32216->32217 32218 195bb0 58 API calls 32217->32218 32219 1a0953 GetProcAddress 32218->32219 32220 1a8900 58 API calls 32219->32220 32221 1a09ab 32220->32221 32222 195bb0 58 API calls 
32221->32222 32223 1a09c2 GetProcAddress 32222->32223 32224 1a0a10 32223->32224 32225 1a8900 58 API calls 32224->32225 32226 1a0ac1 32225->32226 32227 195bb0 58 API calls 32226->32227 32228 1a0ad8 GetProcAddress 32227->32228 32229 1a0b4a 32228->32229 32230 1a8900 58 API calls 32229->32230 32231 1a0b83 32230->32231 32232 195bb0 58 API calls 32231->32232 32233 1a0b9a GetProcAddress 32232->32233 32234 1a8900 58 API calls 32233->32234 32235 1a0beb 32234->32235 32236 195bb0 58 API calls 32235->32236 32237 1a0c41 GetProcAddress 32236->32237 32238 1a8900 58 API calls 32237->32238 32239 1a0cb1 32238->32239 32240 195bb0 58 API calls 32239->32240 32241 1a0cc8 GetProcAddress 32240->32241 32242 1a8900 58 API calls 32241->32242 32243 1a0d03 32242->32243 32244 195bb0 58 API calls 32243->32244 32245 1a0d1a GetProcAddress 32244->32245 32246 1a8900 58 API calls 32245->32246 32247 1a0d42 32246->32247 32248 195bb0 58 API calls 32247->32248 32249 1a0d59 GetProcAddress 32248->32249 32250 1a8900 58 API calls 32249->32250 32251 1a0dbd 32250->32251 32252 195bb0 58 API calls 32251->32252 32253 1a0dd4 GetProcAddress 32252->32253 32254 1a0e55 32253->32254 32255 1a8900 58 API calls 32254->32255 32256 1a0e6d 32255->32256 32257 195bb0 58 API calls 32256->32257 32258 1a0e84 GetProcAddress 32257->32258 32259 1a8900 58 API calls 32258->32259 32260 1a0ebd 32259->32260 32261 195bb0 58 API calls 32260->32261 32262 1a0eec LoadLibraryA 32261->32262 32263 195bb0 58 API calls 32262->32263 32264 1a0f0f 32263->32264 32265 1a0fcb 32264->32265 32266 1a0f76 32264->32266 32268 1a8900 58 API calls 32265->32268 32267 1a8900 58 API calls 32266->32267 32269 1a0f82 LoadLibraryA 32267->32269 32270 1a0fd7 GetProcAddress 32268->32270 32271 195bb0 58 API calls 32269->32271 32272 1a8900 58 API calls 32270->32272 32273 1a0fab 32271->32273 32274 1a1005 32272->32274 32273->32265 32275 195bb0 58 API calls 32274->32275 32276 1a101c GetProcAddress 32275->32276 32277 1a8900 58 API calls 32276->32277 32278 1a1058 32277->32278 
32279 195bb0 58 API calls 32278->32279 32280 1a108d GetProcAddress 32279->32280 32281 1a8900 58 API calls 32280->32281 32282 1a10f9 32281->32282 32283 195bb0 58 API calls 32282->32283 32284 1a1120 GetProcAddress 32283->32284 32285 1a8900 58 API calls 32284->32285 32286 1a1148 32285->32286 32287 195bb0 58 API calls 32286->32287 32288 1a115f GetProcAddress 32287->32288 32289 1a8900 58 API calls 32288->32289 32290 1a11a1 32289->32290 32291 195bb0 58 API calls 32290->32291 32292 1a11b8 GetProcAddress 32291->32292 32293 1a8900 58 API calls 32292->32293 32294 1a11e0 32293->32294 32295 195bb0 58 API calls 32294->32295 32296 1a11f7 GetProcAddress 32295->32296 32297 1a8900 58 API calls 32296->32297 32298 1a1246 32297->32298 32299 195bb0 58 API calls 32298->32299 32300 1a12a8 GetProcAddress 32299->32300 32301 1a8900 58 API calls 32300->32301 32302 1a12d0 32301->32302 32303 195bb0 58 API calls 32302->32303 32304 1a12e7 GetProcAddress 32303->32304 32305 1a8900 58 API calls 32304->32305 32306 1a130f 32305->32306 32307 195bb0 58 API calls 32306->32307 32308 1a1326 GetProcAddress 32307->32308 32310 1a8900 58 API calls 32308->32310 32311 1a1516 32310->32311 32312 195bb0 58 API calls 32311->32312 32313 1a152d GetProcAddress 32312->32313 32315 1a8900 58 API calls 32313->32315 32316 1a15f7 32315->32316 32317 195bb0 58 API calls 32316->32317 32318 1a1623 GetProcAddress 32317->32318 32319 1a8900 58 API calls 32318->32319 32320 1a164b 32319->32320 32321 195bb0 58 API calls 32320->32321 32322 1a1662 GetProcAddress 32321->32322 32323 1a8900 58 API calls 32322->32323 32324 1a168a 32323->32324 32325 195bb0 58 API calls 32324->32325 32326 1a16a1 GetProcAddress 32325->32326 32327 1a8900 58 API calls 32326->32327 32328 1a16c9 32327->32328 32329 195bb0 58 API calls 32328->32329 32330 1a1720 GetProcAddress 32329->32330 32331 1a8900 58 API calls 32330->32331 32332 1a1747 32331->32332 32333 195bb0 58 API calls 32332->32333 32334 1a175e GetProcAddress 32333->32334 32335 1a8900 58 API calls 
32334->32335 32336 1a17bd 32335->32336 32337 195bb0 58 API calls 32336->32337 32338 1a17d4 GetProcAddress 32337->32338 32339 1a8900 58 API calls 32338->32339 32340 1a17fc 32339->32340 32341 195bb0 58 API calls 32340->32341 32342 1a18af LoadLibraryA 32341->32342 32343 1a8900 58 API calls 32342->32343 32344 1a18d0 32343->32344 32345 195bb0 58 API calls 32344->32345 32346 1a18e7 GetProcAddress 32345->32346 32347 1a8900 58 API calls 32346->32347 32348 1a193d 32347->32348 32349 195bb0 58 API calls 32348->32349 32350 1a1954 GetProcAddress 32349->32350 32352 1a8900 58 API calls 32350->32352 32353 1a19a7 32352->32353 32354 195bb0 58 API calls 32353->32354 32355 1a19be GetProcAddress 32354->32355 32356 1a8900 58 API calls 32355->32356 32357 1a19fe 32356->32357 32358 195bb0 58 API calls 32357->32358 32359 1a1a15 GetProcAddress 32358->32359 32360 1a8900 58 API calls 32359->32360 32361 1a1a3d 32360->32361 32362 195bb0 58 API calls 32361->32362 32363 1a1a78 GetProcAddress 32362->32363 32364 1a8900 58 API calls 32363->32364 32365 1a1ab0 32364->32365 32366 195bb0 58 API calls 32365->32366 32367 1a1ac7 GetProcAddress 32366->32367 32368 1a8900 58 API calls 32367->32368 32369 1a1aef 32368->32369 32370 195bb0 58 API calls 32369->32370 32371 1a1b06 GetProcAddress 32370->32371 32372 1a8900 58 API calls 32371->32372 32373 1a1b52 32372->32373 32374 195bb0 58 API calls 32373->32374 32375 1a1b99 GetProcAddress 32374->32375 32376 1a1bd5 32375->32376 32377 1a8900 58 API calls 32376->32377 32378 1a1bf1 32377->32378 32379 195bb0 58 API calls 32378->32379 32380 1a1c08 GetProcAddress 32379->32380 32381 1a1c4a 32380->32381 32382 1a8900 58 API calls 32381->32382 32383 1a1ca2 32382->32383 32384 195bb0 58 API calls 32383->32384 32385 1a1cb9 GetProcAddress 32384->32385 32386 1a8900 58 API calls 32385->32386 32387 1a1d4d 32386->32387 32388 195bb0 58 API calls 32387->32388 32389 1a1d64 GetProcAddress 32388->32389 32390 1a8900 58 API calls 32389->32390 32391 1a1d8c 32390->32391 32392 195bb0 58 API calls 
32391->32392 32393 1a1da3 GetProcAddress 32392->32393 32394 1a8900 58 API calls 32393->32394 32395 1a1dcb 32394->32395 32396 195bb0 58 API calls 32395->32396 32397 1a1de2 GetProcAddress 32396->32397 32398 1a8900 58 API calls 32397->32398 32399 1a1e0a 32398->32399 32400 195bb0 58 API calls 32399->32400 32401 1a1e21 GetProcAddress 32400->32401 32402 1a8900 58 API calls 32401->32402 32403 1a1e49 32402->32403 32404 195bb0 58 API calls 32403->32404 32405 1a1e78 GetProcAddress 32404->32405 32406 1a8900 58 API calls 32405->32406 32407 1a1ea0 32406->32407 32408 195bb0 58 API calls 32407->32408 32409 1a1eb7 GetProcAddress 32408->32409 32410 1a8900 58 API calls 32409->32410 32411 1a1f68 32410->32411 32412 195bb0 58 API calls 32411->32412 32413 1a1f7f GetProcAddress 32412->32413 32414 1a8900 58 API calls 32413->32414 32415 1a1fbe 32414->32415 32416 195bb0 58 API calls 32415->32416 32417 1a200d GetProcAddress 32416->32417 32418 1a8900 58 API calls 32417->32418 32419 1a2034 32418->32419 32420 195bb0 58 API calls 32419->32420 32421 1a204b GetProcAddress 32420->32421 32422 1a8900 58 API calls 32421->32422 32423 1a20e0 32422->32423 32424 195bb0 58 API calls 32423->32424 32425 1a2107 GetProcAddress 32424->32425 32426 1a8900 58 API calls 32425->32426 32427 1a2139 32426->32427 32428 195bb0 58 API calls 32427->32428 32429 1a2164 GetProcAddress 32428->32429 32430 1a8900 58 API calls 32429->32430 32431 1a218c 32430->32431 32432 195bb0 58 API calls 32431->32432 32433 1a21a3 GetProcAddress 32432->32433 32434 1a8900 58 API calls 32433->32434 32435 1a21cb 32434->32435 32436 195bb0 58 API calls 32435->32436 32437 1a21e2 GetProcAddress 32436->32437 32438 1a8900 58 API calls 32437->32438 32439 1a220a 32438->32439 32440 195bb0 58 API calls 32439->32440 32441 1a2221 GetProcAddress 32440->32441 32442 1a8900 58 API calls 32441->32442 32443 1a2249 32442->32443 32444 195bb0 58 API calls 32443->32444 32445 1a2288 GetProcAddress 32444->32445 32446 195bb0 58 API calls 32445->32446 32447 1a22b2 
32446->32447 32616 187de0 GetSystemTime 32447->32616 32450 1a8900 58 API calls 32451 1a2324 GetEnvironmentVariableA 32450->32451 32452 195bb0 58 API calls 32451->32452 32453 1a2388 CreateMutexA CreateMutexA CreateMutexA 32452->32453 32622 1a94dd 32453->32622 32457 1a2609 32630 19acd0 32457->32630 32459 1a253a GetTickCount 32462 1a254f __itow 32459->32462 32460 1a23ec 32460->32457 32460->32459 32461 1a263f GetCommandLineA 32463 1a2669 32461->32463 32464 1a8900 58 API calls 32462->32464 32463->32463 32465 1a8900 58 API calls 32463->32465 32467 1a255e 32464->32467 32466 1a26a6 32465->32466 32468 195bb0 58 API calls 32466->32468 32467->32467 32470 195bb0 58 API calls 32467->32470 32469 1a271f 32468->32469 32471 1a3039 GetCommandLineA 32469->32471 32472 1a276c 32469->32472 32470->32457 32475 1a307d 32471->32475 32473 1a8900 58 API calls 32472->32473 32474 1a2778 32473->32474 32476 195bb0 58 API calls 32474->32476 32477 1a30f0 GetModuleFileNameA 32475->32477 32478 1a27a8 32476->32478 32754 1d5f2b 32477->32754 32480 1a2802 32478->32480 32481 1aa5b0 58 API calls 32478->32481 32482 1a8900 58 API calls 32480->32482 32481->32480 32483 1a285c 32482->32483 32485 195bb0 58 API calls 32483->32485 32484 1a3150 32484->32484 32487 1d5f2b 63 API calls 32484->32487 32486 1a28c0 32485->32486 32488 1a28d0 32486->32488 32490 1aa5b0 58 API calls 32486->32490 32489 1a31e5 32487->32489 32492 1a8900 58 API calls 32488->32492 32491 1d5f2b 63 API calls 32489->32491 32490->32488 32497 1a31f4 32491->32497 32499 1a2918 32492->32499 32493 1a34d4 32765 191a50 59 API calls _memset 32493->32765 32495 1a35d3 32496 1a36cb 32495->32496 32500 1aa5b0 58 API calls 32495->32500 32766 198370 100 API calls 4 library calls 32496->32766 32497->32493 32763 19a370 94 API calls _memset 32497->32763 32499->32499 32502 195bb0 58 API calls 32499->32502 32500->32496 32501 1a36d0 32503 1a8e80 GetSystemTimeAsFileTime 32501->32503 32540 1a29aa 32502->32540 32516 1a3758 32503->32516 32505 1a326e 32764 190e80 63 API calls 
_memset 32505->32764 32508 1a2a43 Sleep 32746 1aa7e0 32508->32746 32509 1a3350 32511 1a34ae 32509->32511 32513 1a8900 58 API calls 32509->32513 32514 1aa5b0 58 API calls 32511->32514 32517 1a3369 LoadLibraryA 32513->32517 32514->32493 32515 1a2fec Sleep 32515->32540 32516->32516 32521 1a38b1 WSAStartup 32516->32521 32518 1a8900 58 API calls 32517->32518 32519 1a3391 32518->32519 32520 195bb0 58 API calls 32519->32520 32522 1a33a8 GetProcAddress 32520->32522 32525 1a3937 32521->32525 32535 1a39f6 32521->32535 32527 195bb0 58 API calls 32522->32527 32523 1aa7e0 125 API calls __stat32i64 32523->32540 32524 199ee0 67 API calls 32524->32540 32526 1a8900 58 API calls 32525->32526 32528 1a3943 32526->32528 32529 1a33d3 32527->32529 32767 19d530 59 API calls 32528->32767 32532 1a8900 58 API calls 32529->32532 32554 1a33e5 32532->32554 32533 1a2c7e GetModuleFileNameA SetFileAttributesA 32538 1a2cd3 CopyFileA 32533->32538 32583 1a2cb3 32533->32583 32534 1a3a28 32544 1a3a9a CloseHandle SetFileAttributesA CopyFileA 32534->32544 32561 1a3b7d 32534->32561 32535->32534 32768 194900 65 API calls 2 library calls 32535->32768 32536 1a2c3c Sleep 32536->32540 32537 1a3958 32542 195bb0 58 API calls 32537->32542 32538->32583 32540->32508 32540->32515 32540->32523 32540->32524 32540->32533 32725 1a8e80 32540->32725 32728 196e60 CreateToolhelp32Snapshot 32540->32728 32737 197e90 32540->32737 32742 1aa5b0 32540->32742 32541 1a3a18 32545 1a3a23 32541->32545 32549 1aa5b0 58 API calls 32541->32549 32542->32535 32547 1a3b75 32544->32547 32548 1a3ad7 SetFileAttributesA 32544->32548 32769 19c1f0 Sleep GetSystemTimeAsFileTime 32545->32769 32786 181da0 32547->32786 32552 1a3afb 32548->32552 32553 1a3aef 32548->32553 32549->32545 32550 1a3bd9 SetFileAttributesA CopyFileA SetFileAttributesA 32559 1a3c56 32550->32559 32563 1a3b1f Sleep 32552->32563 32771 190510 61 API calls 32552->32771 32770 198de0 9 API calls 32553->32770 32558 195bb0 58 API calls 32554->32558 32562 1a34a4 32558->32562 32565 1a8900 
58 API calls 32559->32565 32561->32550 32568 1a3bbb 32561->32568 32572 196e60 70 API calls 32561->32572 32772 199ee0 32561->32772 32569 1aa5b0 58 API calls 32562->32569 32566 197e90 3 API calls 32563->32566 32577 1a3c65 32565->32577 32566->32547 32567 1aa5b0 58 API calls 32571 1a3fa7 32567->32571 32568->32550 32569->32511 32570 1a3b1c 32570->32563 32571->31682 32573 1a3bc9 Sleep 32572->32573 32573->32561 32574 1a2f33 SetFileAttributesA 32574->32540 32575 1a2f25 SetFileAttributesA 32575->32540 32576 1a8900 58 API calls 32576->32583 32577->32577 32578 1a8900 58 API calls 32577->32578 32579 1a3d16 32578->32579 32581 195bb0 58 API calls 32579->32581 32580 195bb0 58 API calls 32580->32583 32582 1a3d2d 32581->32582 32782 1aae47 76 API calls __fsopen 32582->32782 32583->32538 32583->32574 32583->32575 32583->32576 32583->32580 32585 1a3d88 32586 195bb0 58 API calls 32585->32586 32587 1a3d9f 32586->32587 32783 182240 104 API calls __fcloseall 32587->32783 32589 1a3dc5 32590 1a8900 58 API calls 32589->32590 32591 1a3de6 32590->32591 32592 1a8900 58 API calls 32591->32592 32593 1a3dfb 32592->32593 32784 1ab368 83 API calls 3 library calls 32593->32784 32595 1a3e28 32596 195bb0 58 API calls 32595->32596 32597 1a3ec0 32596->32597 32598 195bb0 58 API calls 32597->32598 32599 1a3ed1 32598->32599 32600 197e90 3 API calls 32599->32600 32601 1a3ee3 _memset 32600->32601 32602 1a3f0f CreateThread 32601->32602 32603 1a3f59 32602->32603 32604 1a3f5e Sleep 32602->32604 32785 19d5e0 StartServiceCtrlDispatcherA 32603->32785 32604->32604 32606->31958 32607->31963 32609 1a8914 32608->32609 32610 1aa6fd _malloc 58 API calls 32609->32610 32611 1a8980 _memmove 32610->32611 32611->31971 32613 195c06 _memset 32612->32613 32614 1aa688 _free 58 API calls 32613->32614 32615 195c48 GetProcAddress 32614->32615 32615->31992 32617 187e72 32616->32617 32618 1a8e80 GetSystemTimeAsFileTime 32617->32618 32619 187e9b GetTickCount 32618->32619 32790 1aa678 32619->32790 32624 1a94e5 32622->32624 32623 1aa6fd 
_malloc 58 API calls 32623->32624 32624->32623 32625 1a23cf 32624->32625 32627 1a9503 std::exception::exception 32624->32627 32793 1afc1f DecodePointer 32624->32793 32625->32460 32745 197540 59 API calls 32625->32745 32794 1af37c RaiseException 32627->32794 32629 1a952d 32795 18d580 32630->32795 32632 19acf5 GetVersionExA 32797 18a200 32632->32797 32637 19aec2 32639 1a8900 58 API calls 32637->32639 32640 19aee3 32639->32640 32817 19de40 32640->32817 32643 19ad75 32643->32643 32645 19adf8 CreateDirectoryA 32643->32645 32644 195bb0 58 API calls 32649 19af0c 32644->32649 32646 1a8900 58 API calls 32645->32646 32647 19ae30 32646->32647 32647->32647 32648 195bb0 58 API calls 32647->32648 32648->32637 32821 194360 32649->32821 32652 19b0de 32654 18e620 59 API calls 32652->32654 32653 19b072 DeleteFileA 32655 19b0d1 RemoveDirectoryA 32653->32655 32656 19b0a0 32653->32656 32657 19b127 32654->32657 32655->32652 32656->32655 32657->32657 32658 19b1da CreateDirectoryA 32657->32658 32659 19b21f 32658->32659 32660 19b266 CreateDirectoryA 32659->32660 32661 1a8900 58 API calls 32660->32661 32662 19b287 32661->32662 32662->32662 32663 1a8900 58 API calls 32662->32663 32664 19b317 32663->32664 32665 195bb0 58 API calls 32664->32665 32666 19b34d 32665->32666 32667 19de40 59 API calls 32666->32667 32668 19b469 32667->32668 32669 195bb0 58 API calls 32668->32669 32670 19b477 32669->32670 32671 194360 5 API calls 32670->32671 32672 19b4d5 32671->32672 32673 19bbba 32672->32673 32674 19b4e9 32672->32674 32675 19b531 32672->32675 32677 19bbc6 SetFileAttributesA 32673->32677 32678 1a8900 58 API calls 32674->32678 32676 1a8900 58 API calls 32675->32676 32679 19b53d 32676->32679 32686 19bc35 _memset codecvt 32677->32686 32680 19b4f5 32678->32680 32836 1ab368 83 API calls 3 library calls 32679->32836 32835 1ab368 83 API calls 3 library calls 32680->32835 32683 19b563 32685 195bb0 58 API calls 32683->32685 32684 19b51b 32687 195bb0 58 API calls 32684->32687 32688 19b52c CreateDirectoryA 
32685->32688 32686->32461 32687->32688 32690 19b643 32688->32690 32690->32690 32691 19b683 CreateDirectoryA 32690->32691 32692 1a8900 58 API calls 32691->32692 32693 19b6c8 32692->32693 32693->32693 32694 1a8900 58 API calls 32693->32694 32695 19b758 32694->32695 32696 195bb0 58 API calls 32695->32696 32697 19b76f 32696->32697 32698 19de40 59 API calls 32697->32698 32699 19b784 32698->32699 32700 195bb0 58 API calls 32699->32700 32701 19b792 32700->32701 32702 194360 5 API calls 32701->32702 32703 19b7be 32702->32703 32703->32673 32704 19b7c9 GetTempPathA 32703->32704 32705 19b7f0 32704->32705 32705->32705 32706 19b8ec CreateDirectoryA 32705->32706 32707 1a8900 58 API calls 32706->32707 32708 19b90d 32707->32708 32708->32708 32709 1a8900 58 API calls 32708->32709 32710 19b9b1 32709->32710 32711 195bb0 58 API calls 32710->32711 32712 19b9c8 32711->32712 32713 19de40 59 API calls 32712->32713 32714 19b9dd 32713->32714 32715 195bb0 58 API calls 32714->32715 32716 19b9eb 32715->32716 32717 194360 5 API calls 32716->32717 32718 19ba17 32717->32718 32719 19bb1f 32718->32719 32720 19ba22 GetTempPathA 32718->32720 32719->32673 32721 19ba50 32720->32721 32721->32721 32722 1a8900 58 API calls 32721->32722 32723 19ba8d 32722->32723 32723->32723 32724 195bb0 58 API calls 32723->32724 32724->32719 32855 1aa78f GetSystemTimeAsFileTime 32725->32855 32727 1a8e8c 32727->32540 32729 196f15 Process32First 32728->32729 32731 197135 _memset 32728->32731 32733 196f7a 32729->32733 32730 19712b CloseHandle 32730->32731 32731->32536 32732 1d5f2b 63 API calls 32732->32733 32733->32730 32733->32732 32734 197108 Process32Next 32733->32734 32735 19709a OpenProcess 32733->32735 32734->32733 32735->32734 32736 1970b4 TerminateProcess CloseHandle 32735->32736 32736->32734 32857 1aecc0 32737->32857 32740 197f5a CloseHandle CloseHandle 32741 197fa5 32740->32741 32741->32540 32859 1aa481 32742->32859 32744 1aa5bf 32744->32515 32745->32460 32747 1aa7ee 32746->32747 32751 1aa7fa 32746->32751 32886 
1a9fe3 63 API calls 5 library calls 32747->32886 32753 1a2a97 32751->32753 32887 1b2c21 32751->32887 32752 1aa688 _free 58 API calls 32752->32753 32753->32540 32755 1d5f37 32754->32755 32756 1d5f72 32754->32756 32759 1d5f52 32755->32759 33051 1b0f5a 58 API calls __getptd_noexit 32755->33051 33053 1d5fb3 63 API calls 2 library calls 32756->33053 32759->32484 32760 1d5f43 33052 1b0452 9 API calls __invalid_parameter_noinfo_noreturn 32760->33052 32762 1d5f4e 32762->32484 32763->32505 32764->32509 32765->32495 32766->32501 32767->32537 32768->32541 32769->32534 32770->32552 32771->32570 32773 199f15 CreateToolhelp32Snapshot 32772->32773 32775 19a020 Process32First 32773->32775 32776 19a253 _memset 32773->32776 32779 19a056 32775->32779 32776->32561 32777 19a214 CloseHandle 32777->32776 32778 1d5f2b 63 API calls 32778->32779 32779->32777 32779->32778 32780 19a1c3 Process32Next 32779->32780 32781 19a113 32779->32781 32780->32779 32781->32777 32782->32585 32783->32589 32784->32595 32785->32604 32787 181e2f 32786->32787 32788 181e67 WaitForSingleObject 32786->32788 32787->32788 32789 181ed1 32788->32789 32789->32567 32791 1b28c0 ___get_qualified_locale_downlevel 58 API calls 32790->32791 32792 187f31 32791->32792 32792->32450 32793->32624 32794->32629 32796 18d58f 32795->32796 32796->32632 32798 18a28c 32797->32798 32799 18a2c2 AllocateAndInitializeSid 32797->32799 32798->32799 32800 18a324 CheckTokenMembership 32799->32800 32803 18a435 32799->32803 32801 18a402 FreeSid 32800->32801 32802 18a357 32800->32802 32801->32803 32802->32801 32804 186ca0 32803->32804 32805 1a8900 58 API calls 32804->32805 32806 186cd8 GetProcAddress 32805->32806 32807 195bb0 58 API calls 32806->32807 32808 186d5c 32807->32808 32809 186d7e GetCurrentProcess 32808->32809 32810 186d8c 32808->32810 32809->32810 32810->32637 32811 18e620 GetWindowsDirectoryA 32810->32811 32812 18e688 32811->32812 32813 1a8900 58 API calls 32812->32813 32816 18e6ec 32812->32816 32814 18e6a1 32813->32814 32815 195bb0 58 
API calls 32814->32815 32815->32816 32816->32643 32819 19de84 codecvt 32817->32819 32837 194780 32819->32837 32822 19436d __write_nolock 32821->32822 32823 181da0 WaitForSingleObject 32822->32823 32824 1943d5 32823->32824 32825 1943e1 32824->32825 32826 1943f6 CreateFileA 32824->32826 32827 186df0 ReleaseMutex 32825->32827 32828 194418 32826->32828 32831 19442e _memmove 32826->32831 32829 1943ec 32827->32829 32830 186df0 ReleaseMutex 32828->32830 32829->32652 32829->32653 32830->32829 32832 19449d WriteFile 32831->32832 32832->32831 32833 194549 CloseHandle 32832->32833 32853 186df0 ReleaseMutex 32833->32853 32835->32684 32836->32683 32840 188950 32837->32840 32841 188960 _DebugHeapAllocator 32840->32841 32844 197dd0 32841->32844 32843 188970 32843->32644 32845 197de3 _DebugHeapAllocator 32844->32845 32846 197e0a 32845->32846 32847 197dea std::ios_base::clear 32845->32847 32852 18bea0 59 API calls 2 library calls 32846->32852 32851 18e390 59 API calls 4 library calls 32847->32851 32850 197e08 std::ios_base::clear char_traits 32850->32843 32851->32850 32852->32850 32854 186e11 32853->32854 32854->32829 32856 1aa7bd __time64 32855->32856 32856->32727 32858 197f01 CreateProcessA 32857->32858 32858->32740 32858->32741 32860 1aa48d __wsopen_helper 32859->32860 32861 1b050d __lock 51 API calls 32860->32861 32862 1aa494 32861->32862 32863 1aa4c2 DecodePointer 32862->32863 32868 1aa54d _doexit 32862->32868 32865 1aa4d9 DecodePointer 32863->32865 32863->32868 32872 1aa4e9 32865->32872 32866 1aa5aa __wsopen_helper 32866->32744 32879 1aa59b 32868->32879 32870 1aa4f6 EncodePointer 32870->32872 32871 1aa592 32873 1aa17e __heap_alloc 3 API calls 32871->32873 32872->32868 32872->32870 32874 1aa506 DecodePointer EncodePointer 32872->32874 32875 1aa59b 32873->32875 32878 1aa518 DecodePointer DecodePointer 32874->32878 32876 1aa5a8 32875->32876 32884 1b0697 LeaveCriticalSection 32875->32884 32876->32744 32878->32872 32880 1aa57b 32879->32880 32881 1aa5a1 32879->32881 32880->32866 
32883 1b0697 LeaveCriticalSection 32880->32883 32885 1b0697 LeaveCriticalSection 32881->32885 32883->32871 32884->32876 32885->32880 32886->32751 32888 1b2c5f 32887->32888 32889 1b2c43 32887->32889 32888->32889 32893 1b2c63 _wcspbrk 32888->32893 32956 1b0f26 58 API calls __getptd_noexit 32889->32956 32891 1b2c48 32957 1b0f5a 58 API calls __getptd_noexit 32891->32957 32894 1b2c74 32893->32894 32897 1b2cae 32893->32897 32898 1b2c91 32893->32898 32959 1b0f5a 58 API calls __getptd_noexit 32894->32959 32895 1b2c4f 32958 1b0452 9 API calls __invalid_parameter_noinfo_noreturn 32895->32958 32962 1c0cfa 60 API calls 4 library calls 32897->32962 32898->32894 32961 1c08cb 61 API calls __towlower_l 32898->32961 32901 1b2c79 32960 1b0f26 58 API calls __getptd_noexit 32901->32960 32902 1b2cb3 FindFirstFileExW 32905 1b2dc8 32902->32905 32912 1b2cda _wcspbrk 32902->32912 32908 1b2e41 32905->32908 32911 1b2de0 32905->32911 32906 1b2ca5 32906->32902 32907 1af36d __87except 6 API calls 32909 1aa812 32907->32909 32910 1b2e59 FileTimeToSystemTime 32908->32910 32913 1b2e51 32908->32913 32909->32752 32914 1b306e GetLastError 32910->32914 32915 1b2e75 SystemTimeToTzSpecificLocalTime 32910->32915 32985 1c1750 59 API calls __wsopen_helper 32911->32985 32912->32894 32963 1b2bc3 67 API calls 2 library calls 32912->32963 32921 1b2eea FileTimeToSystemTime 32913->32921 32924 1b2edc 32913->32924 32991 1b0f39 58 API calls 3 library calls 32914->32991 32915->32914 32919 1b2e8c 32915->32919 32923 1c091e ___loctotime64_t 82 API calls 32919->32923 32920 1b2e08 32920->32894 32928 1b2e20 32920->32928 32925 1b304e GetLastError 32921->32925 32926 1b2f06 SystemTimeToTzSpecificLocalTime 32921->32926 32922 1b307a FindClose 32954 1b2c5a 32922->32954 32923->32913 32933 1b2f7b FileTimeToSystemTime 32924->32933 32938 1b2f6d FindClose 32924->32938 32990 1b0f39 58 API calls 3 library calls 32925->32990 32926->32925 32929 1b2f1d 32926->32929 32927 1b2dab 32927->32894 32934 1aa688 _free 58 API calls 32927->32934 
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 0019ECF9
                                                                                                                                                                                                                • _memset.LIBCMT ref: 0019ED7D
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?), ref: 0019EF7A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F009
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F0CA
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F194
                                                                                                                                                                                                                  • Part of subcall function 001A8900: _malloc.LIBCMT ref: 001A897B
                                                                                                                                                                                                                  • Part of subcall function 001A8900: _memmove.LIBCMT ref: 001A8A89
                                                                                                                                                                                                                  • Part of subcall function 00195BB0: _memset.LIBCMT ref: 00195C01
                                                                                                                                                                                                                  • Part of subcall function 00195BB0: _free.LIBCMT ref: 00195C43
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F2E2
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F320
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F35E
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F39C
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F3DA
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F418
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F47E
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F4F9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F57A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F670
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F6AF
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F77F
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F7FC
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F853
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019F9FD
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019FA3C
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019FA7B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019FAD8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019FB4E
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019FBE8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019FC27
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019FCA7
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019FCE5
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019FD53
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019FD91
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019FDCF
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019FE4A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019FE89
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019FEC8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019FF70
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 0019FFAE
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0013
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0051
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A00B9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A00F7
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A024B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A028A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A02D5
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0314
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0353
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A03BC
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A041D
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A04E0
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A054B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A065A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0699
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0790
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A07D9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0838
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0877
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A08E6
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0925
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0964
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A09D3
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0AE9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0BD4
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0C52
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0CD9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0D2B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0D6A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0E21
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74DD0000,?), ref: 001A0EA6
                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?), ref: 001A0EF6
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 001A0F92
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 001A0FEE
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 001A102D
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 001A10E2
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 001A1131
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 001A118A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 001A11C9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 001A1208
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 001A12B9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 001A12F8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 001A14DB
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 001A15E0
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 001A1634
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 001A1673
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 001A16B2
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 001A1730
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 001A176E
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(74D60000,?), ref: 001A17E5
                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?), ref: 001A18B9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A18F8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A1990
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A19CF
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A1A26
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A1A89
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A1AD8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A1B3B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A1BAA
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A1C18
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A1D36
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A1D75
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A1DB4
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A1DF3
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A1E32
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A1E89
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A1EF0
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A1FA7
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A201D
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A205B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A2118
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A2175
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A21B4
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A21F3
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A2232
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A70000,?), ref: 001A2299
                                                                                                                                                                                                                  • Part of subcall function 00187DE0: GetSystemTime.KERNEL32(?,?,?,?,?,?,001874FC), ref: 00187E5C
                                                                                                                                                                                                                  • Part of subcall function 00187DE0: GetTickCount.KERNEL32 ref: 00187EEF
                                                                                                                                                                                                                • GetEnvironmentVariableA.KERNEL32(?,C:\Windows\system32\config\systemprofile,00000104), ref: 001A233E
                                                                                                                                                                                                                • CreateMutexA.KERNELBASE(00000000,00000000,00000000), ref: 001A2391
                                                                                                                                                                                                                • CreateMutexA.KERNELBASE(00000000,00000000,00000000), ref: 001A23AC
                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 001A23BD
                                                                                                                                                                                                                  • Part of subcall function 001A94DD: _malloc.LIBCMT ref: 001A94F5
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 001A2543
                                                                                                                                                                                                                • __itow.LIBCMT ref: 001A254A
                                                                                                                                                                                                                  • Part of subcall function 0019ACD0: GetVersionExA.KERNEL32(001E6DB8), ref: 0019AD42
                                                                                                                                                                                                                  • Part of subcall function 0019ACD0: CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 0019AE1E
                                                                                                                                                                                                                • __stat32i64.LIBCMT ref: 001A2A37
                                                                                                                                                                                                                  • Part of subcall function 001AA7E0: ___copy_path_to_wide_string.LIBCMT ref: 001AA7F5
                                                                                                                                                                                                                • Sleep.KERNEL32(00000D05), ref: 001A2A7E
                                                                                                                                                                                                                • __stat32i64.LIBCMT ref: 001A2A92
                                                                                                                                                                                                                  • Part of subcall function 001AA7E0: __wstat64i32.LIBCMT ref: 001AA80D
                                                                                                                                                                                                                  • Part of subcall function 001AA7E0: _free.LIBCMT ref: 001AA817
                                                                                                                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 001A2C44
                                                                                                                                                                                                                • __stat32i64.LIBCMT ref: 001A2C57
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000200), ref: 001A2C8C
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(00000000,00000080), ref: 001A2C9B
                                                                                                                                                                                                                • CopyFileA.KERNEL32(?,00000000,00000000), ref: 001A2CE0
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(00000000,00000002), ref: 001A2F2B
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(00000000,00000080), ref: 001A2F3C
                                                                                                                                                                                                                • Sleep.KERNELBASE(000003E8), ref: 001A302E
                                                                                                                                                                                                                • GetCommandLineA.KERNEL32 ref: 001A3071
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000000,00000200), ref: 001A313E
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 001A3379
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?), ref: 001A33B9
                                                                                                                                                                                                                • WSAStartup.WS2_32(00000202,?), ref: 001A3912
                                                                                                                                                                                                                  • Part of subcall function 00191CE0: _strstr.LIBCMT ref: 00191CEB
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 001A3AA1
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000080), ref: 001A3AB3
                                                                                                                                                                                                                • CopyFileA.KERNEL32(00000000,?,00000000), ref: 001A3AC9
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000002), ref: 001A3AE0
                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8), ref: 001A3B3C
                                                                                                                                                                                                                  • Part of subcall function 00194900: _memset.LIBCMT ref: 00194A25
                                                                                                                                                                                                                • Sleep.KERNEL32(000007D0), ref: 001A3BD1
                                                                                                                                                                                                                  • Part of subcall function 001AAE47: __fsopen.LIBCMT ref: 001AAE52
                                                                                                                                                                                                                  • Part of subcall function 00182240: Sleep.KERNEL32(000003E8), ref: 001822FA
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(001E7090,00000080), ref: 001A3BE3
                                                                                                                                                                                                                • CopyFileA.KERNEL32(00000000,001E7090,00000000), ref: 001A3BF7
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(001E7090,00000002), ref: 001A3C44
                                                                                                                                                                                                                  • Part of subcall function 00196E60: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00196EEE
                                                                                                                                                                                                                  • Part of subcall function 00196E60: Process32First.KERNEL32(00000000,00000128), ref: 00196F71
                                                                                                                                                                                                                • __snprintf.LIBCMT ref: 001A3E23
                                                                                                                                                                                                                • _memset.LIBCMT ref: 001A3EF4
                                                                                                                                                                                                                • _memset.LIBCMT ref: 001A3F0A
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00007390,00000000,00000000,00000000), ref: 001A3F21
                                                                                                                                                                                                                • Sleep.KERNEL32(0000C350), ref: 001A3F63
                                                                                                                                                                                                                • GetCommandLineA.KERNEL32 ref: 001A263F
                                                                                                                                                                                                                  • Part of subcall function 001AA5B0: _doexit.LIBCMT ref: 001AA5BA
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • C:\Windows\system32\config\systemprofile, xrefs: 001A2332
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2475403570.0000000000181000.00000020.00000001.01000000.00000007.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475354111.0000000000180000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475473087.00000000001D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475531770.00000000001E5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475531770.00000000001E9000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475570182.00000000001EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_180000_czmruiag.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$File$AttributesSleep$Create$_memset$LibraryLoad$CopyModuleMutex__stat32i64_malloc$CommandCountHandleLineNameTick_free$CloseDirectoryEnvironmentFirstProcess32SnapshotStartupSystemThreadTimeToolhelp32VariableVersion___copy_path_to_wide_string__fsopen__itow__snprintf__wstat64i32_doexit_memmove_strstr
                                                                                                                                                                                                                • String ID: C:\Windows\system32\config\systemprofile
                                                                                                                                                                                                                • API String ID: 2795360046-3771762618
                                                                                                                                                                                                                • Opcode ID: 6e0af0354e7a41cfe68f36e2c2efcc260b49f13cf790f437b0c2746258b12cb2
                                                                                                                                                                                                                • Instruction ID: 21228cd033c929b19108d7b8606ccb9a69c48225185033329c17a05c42c54960
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e0af0354e7a41cfe68f36e2c2efcc260b49f13cf790f437b0c2746258b12cb2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 49A3BF75D01A888FC712CFB4EC81B6DB776BF9A349F448249E5097AAA1EB7019C0CF51

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1172 194360-1943df call 1ab610 call 181da0 1177 1943e1-1943f1 call 186df0 1172->1177 1178 1943f6-194416 CreateFileA 1172->1178 1185 194566-194569 1177->1185 1180 194418-194429 call 186df0 1178->1180 1181 19442e-19443e 1178->1181 1180->1185 1184 194446-19444d 1181->1184 1187 19444f-194455 1184->1187 1188 194457 1184->1188 1189 19445e-194543 call 1ae670 call 1a4a20 WriteFile 1187->1189 1188->1189 1189->1184 1194 194549-194559 CloseHandle call 186df0 1189->1194 1196 19455e-194561 1194->1196 1196->1185
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00181DA0: WaitForSingleObject.KERNEL32(00000104,00004E20,?,?,?,?,0019686C,00000104), ref: 00181EBC
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00000002,40000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 00194409
                                                                                                                                                                                                                  • Part of subcall function 00186DF0: ReleaseMutex.KERNEL32(00196B5F,?,00196B5F,00000104), ref: 00186E07
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2475403570.0000000000181000.00000020.00000001.01000000.00000007.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475354111.0000000000180000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475473087.00000000001D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475531770.00000000001E5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475531770.00000000001E9000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475570182.00000000001EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_180000_czmruiag.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFileMutexObjectReleaseSingleWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1564016613-0
                                                                                                                                                                                                                • Opcode ID: a47c6e0bf202d9afe9eed79385ae6c31aa835a754eb338c7878ce6acd08b9b43
                                                                                                                                                                                                                • Instruction ID: 5d38f12693901ea311ddb7fffd579dd3900a516f21a3835fae49965fb9636557
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a47c6e0bf202d9afe9eed79385ae6c31aa835a754eb338c7878ce6acd08b9b43
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D519C75800A88EFCB05CFE5EC81B5EB375BB98344F108619F5066B6A1E7706AC0CF90

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1197 18a200-18a28a 1198 18a28c-18a2b0 1197->1198 1199 18a2c2-18a31e AllocateAndInitializeSid 1197->1199 1198->1199 1200 18a2b2-18a2ba 1198->1200 1201 18a324-18a351 CheckTokenMembership 1199->1201 1202 18a435-18a437 1199->1202 1200->1199 1203 18a402-18a42f FreeSid 1201->1203 1204 18a357-18a39b 1201->1204 1205 18a439-18a449 1202->1205 1206 18a451-18a457 1202->1206 1203->1202 1207 18a39d-18a3e1 1204->1207 1208 18a3e3-18a3f3 1204->1208 1205->1206 1209 18a3fb 1207->1209 1208->1209 1209->1203
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(00000000,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 0018A311
                                                                                                                                                                                                                • CheckTokenMembership.ADVAPI32(00000000,?,00000000), ref: 0018A349
                                                                                                                                                                                                                • FreeSid.ADVAPI32(?), ref: 0018A42F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2475403570.0000000000181000.00000020.00000001.01000000.00000007.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475354111.0000000000180000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475473087.00000000001D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475531770.00000000001E5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475531770.00000000001E9000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475570182.00000000001EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_180000_czmruiag.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3429775523-0
                                                                                                                                                                                                                • Opcode ID: ef98860262b573208cdfd87b05031623de0a3786045c65020cefbdbfb902d211
                                                                                                                                                                                                                • Instruction ID: de48b5bc7925144c5e5f5f931acb87e25736ec6aa850503d67278461da102e02
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ef98860262b573208cdfd87b05031623de0a3786045c65020cefbdbfb902d211
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19517871801E89CEC706CFF9E89035EB376BF9A388F54830AE5067E961EBB051C18B51

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 1210 1a94dd-1a94e3 1211 1a94f2-1a94fd call 1aa6fd 1210->1211 1214 1a94ff-1a9502 1211->1214 1215 1a94e5-1a94f0 call 1afc1f 1211->1215 1215->1211 1218 1a9503-1a952d call 1af1c4 call 1af37c 1215->1218
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 001A94F5
                                                                                                                                                                                                                  • Part of subcall function 001AA6FD: __FF_MSGBANNER.LIBCMT ref: 001AA714
                                                                                                                                                                                                                  • Part of subcall function 001AA6FD: __NMSG_WRITE.LIBCMT ref: 001AA71B
                                                                                                                                                                                                                  • Part of subcall function 001AA6FD: RtlAllocateHeap.NTDLL(00AF0000,00000000,00000001,00000000,00000000,00000000,?,001AFCE1,00000000,00000000,00000000,00000000,?,001B05F7,00000018,001E3E08), ref: 001AA740
                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 001A9513
                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 001A9528
                                                                                                                                                                                                                  • Part of subcall function 001AF37C: RaiseException.KERNEL32(?,?,?,001E3AD0,?,?,?,?,?,001A952D,?,001E3AD0,00000000,00000001), ref: 001AF3D1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2475403570.0000000000181000.00000020.00000001.01000000.00000007.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475354111.0000000000180000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475473087.00000000001D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475531770.00000000001E5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475531770.00000000001E9000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475570182.00000000001EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_180000_czmruiag.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3074076210-0
                                                                                                                                                                                                                • Opcode ID: 05607002c6adc5a7a2714bff9a2669168c9ea4997921a026c501ca671e729544
                                                                                                                                                                                                                • Instruction ID: 068fde520966fa3999c90fc64df0fbc17678afb9cf9799ca7467b6bc4f20d4f6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 05607002c6adc5a7a2714bff9a2669168c9ea4997921a026c501ca671e729544
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0DE0657890020EABCF10EFA5DD069EE776CEF16314F504467E814A6281DF70DB95D991

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 1223 1be043-1be051 1224 1be06e-1be08e call 1bdec5 LCMapStringW 1223->1224 1225 1be053-1be06d LCMapStringEx 1223->1225
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LCMapStringEx.KERNELBASE(?,?,?,?,?,5EFC4D8B,00000000,00000000,00000000,?,001BEAA4,?,?,00000000,?,00000000), ref: 001BE06A
                                                                                                                                                                                                                • LCMapStringW.KERNEL32(00000000,?,?,?,?,5EFC4D8B,?,001BEAA4,?,?,00000000,?,00000000,00000000), ref: 001BE087
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2475403570.0000000000181000.00000020.00000001.01000000.00000007.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475354111.0000000000180000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475473087.00000000001D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475531770.00000000001E5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475531770.00000000001E9000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475570182.00000000001EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_180000_czmruiag.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: String
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2568140703-0
                                                                                                                                                                                                                • Opcode ID: e7e46de0a6714c035316f3a435b2a741ea382b2ce5cb18581d3c7a9236ac4b2f
                                                                                                                                                                                                                • Instruction ID: 1f3d0cbafe5ac68d7bebafb15f96e6dd7517b962ca282a02267432482d59aee9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e7e46de0a6714c035316f3a435b2a741ea382b2ce5cb18581d3c7a9236ac4b2f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 37F01F72010249FFDF069FD4EC4ACEE3F6AFB58350B148515FA1949420E772E9B2AB90

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 1228 1cf430-1cf443 call 1afdf0 1231 1cf445-1cf458 call 1b050d 1228->1231 1232 1cf471-1cf476 call 1afe35 1228->1232 1237 1cf45a call 1cf713 1231->1237 1238 1cf465-1cf46c call 1cf477 1231->1238 1241 1cf45f 1237->1241 1238->1232 1241->1238
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __lock.LIBCMT ref: 001CF447
                                                                                                                                                                                                                  • Part of subcall function 001B050D: __mtinitlocknum.LIBCMT ref: 001B051F
                                                                                                                                                                                                                  • Part of subcall function 001B050D: __amsg_exit.LIBCMT ref: 001B052B
                                                                                                                                                                                                                  • Part of subcall function 001B050D: EnterCriticalSection.KERNEL32(?,?,001B2990,0000000D), ref: 001B0538
                                                                                                                                                                                                                • __tzset_nolock.LIBCMT ref: 001CF45A
                                                                                                                                                                                                                  • Part of subcall function 001CF713: __lock.LIBCMT ref: 001CF738
                                                                                                                                                                                                                  • Part of subcall function 001CF713: ____lc_codepage_func.LIBCMT ref: 001CF77F
                                                                                                                                                                                                                  • Part of subcall function 001CF713: __getenv_helper_nolock.LIBCMT ref: 001CF7A0
                                                                                                                                                                                                                  • Part of subcall function 001CF713: _free.LIBCMT ref: 001CF7D3
                                                                                                                                                                                                                  • Part of subcall function 001CF713: _strlen.LIBCMT ref: 001CF7DA
                                                                                                                                                                                                                  • Part of subcall function 001CF713: __malloc_crt.LIBCMT ref: 001CF7E1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2475403570.0000000000181000.00000020.00000001.01000000.00000007.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475354111.0000000000180000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475473087.00000000001D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475531770.00000000001E5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475531770.00000000001E9000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475570182.00000000001EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_180000_czmruiag.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __lock$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__malloc_crt__mtinitlocknum__tzset_nolock_free_strlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1282695788-0
                                                                                                                                                                                                                • Opcode ID: 3edb0a391de38a3ac41579a83747f5104da33a09aa3c87dc54de89862c606766
                                                                                                                                                                                                                • Instruction ID: 7ad4f3008932d70f850abb7d337637a8f26b5d759cd03acd7a1b8cc0119309a6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3edb0a391de38a3ac41579a83747f5104da33a09aa3c87dc54de89862c606766
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F1E0C234441384DADB70BFF0AA4BB0E3121BB30B26F60416DE058055D28FF485C6CB13

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 1242 1aa17e-1aa18d call 1aa14a ExitProcess
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ___crtCorExitProcess.LIBCMT ref: 001AA184
                                                                                                                                                                                                                  • Part of subcall function 001AA14A: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,001AA189,00000000,?,001AA72A,000000FF,0000001E,00000000,00000000,00000000,?,001AFCE1), ref: 001AA159
                                                                                                                                                                                                                  • Part of subcall function 001AA14A: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 001AA16B
                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 001AA18D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2475403570.0000000000181000.00000020.00000001.01000000.00000007.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475354111.0000000000180000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475473087.00000000001D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475531770.00000000001E5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475531770.00000000001E9000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2475570182.00000000001EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_180000_czmruiag.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2427264223-0
                                                                                                                                                                                                                • Opcode ID: d08aff761204e43bdbe5a1a516ea51eeacafbe3c57684c618e71b36c59a7a1a1
                                                                                                                                                                                                                • Instruction ID: e30cf74f32f83d422267cf7cb98f2d9523a41d8e7e9caf5636a05f30b854e59b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d08aff761204e43bdbe5a1a516ea51eeacafbe3c57684c618e71b36c59a7a1a1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DDB09230005108BBCB012F15EC0A8483F29EF022A0B404021F908480B2EB72A9D1AA92

Control-flow Graph

[Figure: control-flow graph for the function starting at 192280; legend: Executed / Not Executed]
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2475403570.0000000000181000.00000020.00000001.01000000.00000007.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000003.00000002.2475354111.0000000000180000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2475473087.00000000001D7000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2475531770.00000000001E5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2475531770.00000000001E9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2475570182.00000000001EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_180000_czmruiag.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2102423945-0
                                                                                                                                                                                                                • Opcode ID: 6ec637da9029f2589413d1fd197bdbfd480a0cf61a1ac2c5721290220227fb64
                                                                                                                                                                                                                • Instruction ID: 5b4853c5fbd06872912913ed1d63a8a929d14a08e103d80e892840c72aef1131
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6ec637da9029f2589413d1fd197bdbfd480a0cf61a1ac2c5721290220227fb64
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EEF21671811E89CEC306CFB9E9D122DB7B7BF9A389354830AE5067EA61EB7050C1DB54

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 1344 1aa5b0-1aa5ba call 1aa481 1346 1aa5bf-1aa5c3 1344->1346
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _doexit.LIBCMT ref: 001AA5BA
                                                                                                                                                                                                                  • Part of subcall function 001AA481: __lock.LIBCMT ref: 001AA48F
                                                                                                                                                                                                                  • Part of subcall function 001AA481: DecodePointer.KERNEL32(001E3D00,0000001C,001AA36E,00000000,00000001,00000000,?,001AA2BC,000000FF,?,001B0530,00000011,?,?,001B2990,0000000D), ref: 001AA4CE
                                                                                                                                                                                                                  • Part of subcall function 001AA481: DecodePointer.KERNEL32(?,001AA2BC,000000FF,?,001B0530,00000011,?,?,001B2990,0000000D), ref: 001AA4DF
                                                                                                                                                                                                                  • Part of subcall function 001AA481: EncodePointer.KERNEL32(00000000,?,001AA2BC,000000FF,?,001B0530,00000011,?,?,001B2990,0000000D), ref: 001AA4F8
                                                                                                                                                                                                                  • Part of subcall function 001AA481: DecodePointer.KERNEL32(-00000004,?,001AA2BC,000000FF,?,001B0530,00000011,?,?,001B2990,0000000D), ref: 001AA508
                                                                                                                                                                                                                  • Part of subcall function 001AA481: EncodePointer.KERNEL32(00000000,?,001AA2BC,000000FF,?,001B0530,00000011,?,?,001B2990,0000000D), ref: 001AA50E
                                                                                                                                                                                                                  • Part of subcall function 001AA481: DecodePointer.KERNEL32(?,001AA2BC,000000FF,?,001B0530,00000011,?,?,001B2990,0000000D), ref: 001AA524
                                                                                                                                                                                                                  • Part of subcall function 001AA481: DecodePointer.KERNEL32(?,001AA2BC,000000FF,?,001B0530,00000011,?,?,001B2990,0000000D), ref: 001AA52F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2475403570.0000000000181000.00000020.00000001.01000000.00000007.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000003.00000002.2475354111.0000000000180000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2475473087.00000000001D7000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2475531770.00000000001E5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2475531770.00000000001E9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2475570182.00000000001EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_180000_czmruiag.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Pointer$Decode$Encode$__lock_doexit
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2158581194-0
                                                                                                                                                                                                                • Opcode ID: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                                                                                • Instruction ID: 5e71871f24a1e84c1ef684760a81b4af5d59bf23fdb1a975e169de1a5fd5e46f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5BB0123198030C33D9112545FC03F553B0C4B55B54F940021FA0C1C1E1B7D37560C0CA